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ABSTRACT 

\ 

\ 

A  methodology  to  model  and  generate  variable  structure  distributed  intelligence  systems  is 
presented  Inrst.  the  objects  and  the  functional  aitides  that  belong  to  the  system  are  defined  as 
well  as  generic  interactions  between  them.  A  mathematical  fiamewoik  is  developed  to  represent 
these  interactions.  This  fiamewoik  is  embedded  in  Colored  Petri  Net  theory,  which  is  used  as  the 
basic  technique  to  genoate  variable  structures.  The  set  of  variable  structures  that  satisfy  both 
general  ctmstiaints  and  user-defined  requirements  is  analyzed  with  results  from  Lattice  theory.  A 
class  of  soluticxis  to  the  derign  problem  is  characterized  This  class  corresponds  to  the  variable 
structures  whose  variabilify  corresponds  exactly  to  the  requirements  of  the  user.  This  class  of 
solution  is  dectxnposed  into  subsets  of  structures  with  the  same  input  links.  Each  subset  is 
delimited  by  minimal  and  maTimal  elements.  There  is  a  layer  of  partially  ordered  subsets  between 
one  minimal  element  and  <»e  maximal  element  Each  layer  is  a  lattice.  The  methodology  is 
applied  to  two  illustrative  examples,  the  coordination  of  tasks  in  a  submarine  and  the 
coordination  of  taaks  anxmg  air  traffic  controllers  at  an  airport  finally,  policy  considerations  of 
the  research  on  distributed  intelligence  systems  are  presented 
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CHAPTER  I 


INTRODUCTION 


1.1  MOTIVATION 

Administrative  authorities,  because  they  address  the  global  needs  of  society,  are  involved 
more  and  mote  in  the  development  of  extranely  complex  organizatitms.  Typically,  the  legislative 
or  executive  branches  of  government  mandate  an  authority  to  design,  develop,  and  monitor 
systems  that  perform  desirable  functions.  The  administrative  authority  has  to  specify 
requirements  for  the  system,  to  define  a  development  plan,  to  inq>rove  the  system  over  time,  and 
to  submit  its  conclusions  and  projects  to.  the  political  authorities  for  approval  and  funding. 

Feasibility  studies  constitute  critical  stages  fm:  determining  whether  or  not  a  project  should 
be  developed,  and  whether  or  not  a  system  should  be  upgraded.  The  team  in  charge  of  research 
and  development  has  to  answer  unambiguously  the  concerns  of  policymakers  and  contractors. 
The  team  must  define  the  techiucal  requiremrats  and  demonstrate  to  the  policymalmrs  that  a 
system  can  be  implemented  or  upgraded  within  the  given  technological  and  financial  ccmstraints. 
The  team  must  show  that  the  proposed  system  will  offer  substantial  advantages.  To  sustain  the 
claims,  estimates  of  system  performance  have  to  be  developed.  The  political  authorities,  and 
expert  panels  that  are  consulted,  can  base  their  decision  on  these  quantitative  measures.  The 
predictions  famish  criteria  by  which  the  actual  performance  of  the  system  will  be  assessed  by 
policymakers,  and  by  which  decisions  about  the  oatcotae  of  the  project  will  be  made. 

Many  unresolved  issues  remain  in  the  design  and  analysis  of  large-scale  distributed  systems, 
such  as  the  Air  Traffic  Control  System,  the  various  systems  of  the  Department  of  Defense,  and 
the  information  systems  of  large  administrative  centers.  Such  systems  are  large-scale  because 
they  mobilize  many  resources:  Human  decisionmakers,  computer  and  communicaticxi  systems. 
Such  systems  are  distributed  because  they  must  perform  several  functions  to  accomplish  their 
missitm,  and  the  functions  are  spread  out  over  a  range  of  locations  and  divided  into  individual 
subtasks,  so  that  each  part’s  activity  contributes  a  little  to  each  of  the  several  functions  (Minsky, 
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1986).  The  different  entities  coordinate  their  activities  by  exchanging  information  over 
communications  systems.  Following  are  three  examples: 

•  Air  Traffic  Control:  Several  air  traffic  control  centers  are  located  throughout  a  country  to 
cover  its  airspace,  to  direct  planes  into  flight  corridors,  and  to  schedule  traffic  flow.  In 
each  center,  the  controllers  are  highly  specialized  professionals  who  operate  according  to 
certain  rules.  SensOTs,  computers,  and  communications  systems  help  them  accomplish 
their  tasks. 

•  Command  and  Control  systems.  The  best  definition  of  command  and  control  is  given  in 
Publication  1  of  the  Joint  Chiefs  of  Staff:  "Command  and  Control  is  the  exercise  of 
authority  and  direction  by  a  properly  designated  commander  over  assigned  forces  in  the 
accomplishment  of  his  mission.  Command  and  control  functions  are  performed  through 
an  arrangement  of  personnel,  equipment,  communications,  facilities,  and  procedures 
which  are  employed  by  a  commander  in  planning,  directing,  coordinating  and  controlling 
forces  and  operations  in  the  accomplishment  of  his  mission".  Most  systems  of  the 
Department  of  Defense  fall  within  this  paradigm. 

•  Office  Autcmation.  In  this  context,  the  model  describes  the  exchange  of  information  that 
takes  place  within  a  large  administrative  cmnplex.  The  exchange  of  information  can  be 
aided  by  a  computerized  information  system,  for  example,  when  timeliness  and 
throughput  rate  are  crucial 

Design  and  analysis  of  such  organizations  and  their  supporting  information  systems  are 
highly  complex  tasks.  They  involve  the  cooperation  of  people  with  different  backgrounds 
(policymakers,  users,  analysts,  en^eers)  and  conflicting  interests.  Consequently,  some  method 
is  needed  to  achieve  a  common  understanding,  or  to  illustrate  their  differences.  To  do  so,  there 
are  two  major  options,  either  noodeling  or  real-scale  testing. 

Usually,  these  problems  are  addressed  by  building  formal  models.  The  assumption  is  that 
models  precisely  define  specific  properties  or  characteristics  of  a  system  under  study,  and 
provide  the  foundation  for  verifying  these  properties.  As  quoted  m  Hmnmel  (1985):  "What  is  not 
specified  cannot  be  verified,  and  what  is  not  verified  may  be  in  error."  The  economic  rationale  is 
the  fact  that  the  systems  are  generally  so  complex  that  the  other  option,  exhaustive  real  scale 
testing  or  test  bed  experimentations,  requires  large  amounts  of  time  and  resources  that  caimot  be 
spent  on  every  dimension  of  the  system.  The  system  designers  and  the  policymakers  have  to  rely 
on  tools  that  yield,  "cheaply  and  quickly,"  reasonable,  comprehensible  insights  into  the  proposed 
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structures.  By  these  criteria  the  analysts  determine  the  critical  aspects  to  be  tested  extensively . 


The  difficulty  is  that  the  development  of  a  common  understanding  usually  involves 
customers,  users  of  the  proposed  system  on  one  side,  and  developers,  designers  on  the  other 
side.  This  means  that  the  participants  are  often  divided  between  those  who  understand  abstraction 
and  formal  terminology  and  those  who  cannot.  For  the  latter,  formal  terminology  is 
imacceptable.  Yet  without  formal  terminology,  the  specifications  of  a  system  cannot  be  a  basis 
for  development  or  analysis. 


1.2  PROBLEM  DEFINITION 

Recent  developments  in  the  theory  of  Distributed  Intelligence  Systems  (Levis,  1988)  have 
addressed  the  problem  of  analyzing  the  performance  of  a  given  architecture,  or  of  designing  an 
organization  whose  performance  would  meet  specific  requirements.  Issues  related  to  the  design 
and  analysis  of  fixed  structure  systems  are  becoming  well  understood.  In  fixed  structure 
systems,  the  interactions  between  components  are  fixed  and  weU  defined.  To  meet  requirements 
of  reliability  and  reconfigurability  from  users,  variable  structure  systems  need  to  be  addressed.  In 
variable  structure  systems,  the  interactions  between  components  can  change  depending  on  the 
task,  while  the  same  task  can  be  performed  with  different  combinations  of  resources.  Indeed, 
some  pattern  of  interactions  may  be  more  suitable  for  the  processing  of  a  given  input  than  others. 
If  designed  properly,  a  variable  structure  system  can  be  expected  to  achieve  a  higher  overall 
performance,  provided  that  it  adapts  its  structure  to  the  most  apprc^ate  interactions  for  each 
type  of  input 

A  firamework  has  been  already  developed  to  compare  quantitatively  organizational  designs  of 
large  scale  distributed  systems.  This  framewoik  includes  both  fixed  and  variable  organizations. 
Three  fsoblems  have  to  be  addressed  to  implement  a  methodology  that  links  the  design  problem 
to  existing  analytic  tools: 

(a)  A  framewoik  that  is  appropriate  for  a  mathematical  formulation  of  the  design  problem 
should  be  identified.  It  should  give  the  designer  the  means  to  tackle  quantitatively  his 
practical  problem  and  should  be  applicable  to  fixed  as  well  as  variable  structure 
architectures. 

(b)  The  concept  of  variability  has  to  be  refined.  Several  types  of  variability  must  be 


distinguished,  based  on  the  characteristics  of  the  system  that  vary. 

(c)  In  generating  distributed  systems  architectures,  designers  face  the  problem  that  the 
enumeration  of  all  the  systems  that  satisfy  the  ccmstraints  ci  the  design  is  intractable,  even 
to  systems  with  a  small  number  of  resources.  The  design  problem  should  be  kept 
con:q>utationally  feasible  by  putting  restrictions  on  the  methodology  without  drastically 
altering  its  scope. 

This  effort  would  fill  a  gap  between  the  analytic  tools  and  the  design  issues.  Once  a  designer 
has  specified  his  requirements  for  the  system,  he  can  obtain  every  candidate  structure  that 
satisfies  his  requirements.  Once  the  stracture  is  chosen,  it  can  be  evaluated  quantitatively. 


1.3  THEOREnCAL  BACKGROUND 

A  quantitative  methodology  for  modeling,  evaluation,  and  design  of  fixed  structure  systems 
has  been  developed  at  the  MTT  Laboratory  for  Information  and  Decision  Systems  (Boettcher  and 
Levis,  1982;  Andreadakis  and  Levis,  1987;  Remy  et  al.,  1988). 

The  organization  is  seen  as  a  system  performing  a  task.  The  processing  of  the  task  is 
achieved  through  the  execution  of  well  defined  procedures  or  algorithms  that  human 
decisionmakers,  intelligent  nodes,  and  the  supporting  intomation  system  possess.  In  this  model, 
the  human  decisionmakers  and  the  intelligent  nodes  have  a  four  stage  internal  structure  that 
makes  it  possiUe  to  differentiate  Qrpes  of  interactions. 

The  mathematical  formulation  of  the  fixed  structure  problem  is  based  on  Ordinary  Petri  Net 
theory  (Reisig,  1985).  Petri  Nets  have  been  introduced  to  model  organizational  forms,  as  they 
show  explicitly  die  interactive  stracture  and  the  sequence  of  operations  between  the  components 
of  the  organization.  Petri  Nets  have  proven  their  efficiency  as  modeling  and  analytical  tools.  In 
particular,  the  formalism  of  System  Effectiveness  Analysis  (Dersin  and  Levis,  1981; 
Bouthonnier  and  Levis,  1984;  Cothier  and  Levis,  1986)  yields  quantitative  estimates  of  the  extent 
to  which  a  specific  stracture  satisfies  the  mission  requirements. 

An  indirect  tpproach  to  the  generatitm  of  architectures  has  been  developed  to  fixed  stracture 
organizations.  In  Remy  and  Levis  (1988)  a  framework  was  presented  which  allows  designers  to 
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express  their  design  problem  in  mathematical  terms.  Then,  an  algorithm  was  developed  that 
makes  it  possible  to  characterize  and  generate  partially  ordered  sets  of  fixed  structures  that  satisfy 
the  designers'  requirements.  The  computational  requirements  of  the  algorithm  are  very  modest 

Monguillet  and  Levis  (1988)  initiated  the  investigation  of  variable  structure  decisionmaking 
organizations.  He  introduced  the  use  of  extensions  of  Ordinary  Petri  Net  theory.  High  Level 
Nets,  to  deal  with  variability.  Two  major  models  of  High  Level  Nets  have  been  developed  by 
Net  theorists:  Predicate  Transition  Nets  (Genrich,  1987)  and  Colored  Nets  (Jensen,  1987). 
These  models  follow  different  approaches,  but  are  equivalent  (Every  Colored  Petri  Net  can  be 
translated  into  a  Predicate  Transition  Net,  and  vice  versa).  Based  on  the  theory  of  Predicate 
Transition  Nets,  Monguillet  extended  the  framework  of  System  Effectiveness  Analysis  for 
comparing  both  variable  and  fixed  stmeture  organizations. 


1.4  GOALS  AND  CONTTUBUTION 

This  thesis  takes  the  point  of  view  of  the  members  of  a  Research  &  Development  team.  They 
want  to  study  all  feasible  configurations  of  the  system,  given  the  constraints  of  both  the  mission 
and  the  technology.  An  additional  constraint  is  that  they  must  interact  with  non  technically 
oriented  people.  This  thesis  answers  the  question  of  whether  or  not  it  is  possible  to  devise  a 
methodology  that  satisfies  the  conflicting  interests,  i.e.,  a  methodology  that  yields  significant 
improvements  in  the  design  process. 

This  thesis  presents  a  major  extension  of  the  earlier  work  by  addressing  the  problem  of 
designing  variable  structure  organizational  forms.  An  appropriate  mathematical  framework,  that 
of  Colored  Petri  Nets,  is  defined  to  investigate  systems  that  adapt  their  structure  of  interactions  to 
the  input  they  process.  The  properties  of  such  a  set  of  variable  structure  organizations  is 
presented.  An  illustrative  application,  the  design  of  two  hypothetical  systems  -  one  civilian  and 
one  military  -  is  described.  Both  the  advantages  and  the  limitations  of  the  methodology  proposed 
in  the  thesis  are  addressed,  based  on  these  examples.  Then,  a  policy  analysis  is  performed  that 
analyzes  how  the  methodology  better  satisfies  the  needs  of  the  policymakers,  the  users,  and  the 
analysts.  Finally,  recommendations  on  the  use  of  the  methodology  are  presented. 
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1.5  THE  THESIS  IN  OUTLINE 


This  thesis  is  organized  as  follows.  Chapter  n  is  an  introduction  to  Petri  Net  theory,  and 
describes  basic  notions  about  Ordinary  Petri  Nets  and  Colored  Petri  Nets.  Chapter  m  is  a  review 
of  the  results  on  equivalence  relations  and  partial  orderings  that  are  used  in  the  subsequent 
chapters.  In  Chapter  IV,  a  methodology  to  model,  represent,  and  analyze  variable  structure 
distributed  intelligence  systems  is  defined.  Chapter  V  translates  this  firamework  into  the  language 
of  Colored  Petri  Nets,  and  formulates  the  design  problem  of  a  Research  and  Development  team. 
Chaptn*  VI  introduces  the  constraints  that  must  be  satisfied  by  a  solution  to  the  design  problem. 
Chapter  Vn  characterizes  the  set  of  solutions  to  a  design  problem  as  well  as  some  of  its  internal 
properties.  Two  illustrative  applications  are  presented  in  Chapter  Vm.  Chapter  DC  analyzes  the 
political  and  scientific  environments  within  which  this  research  has  been  conducted.  Finally, 
Chapter  X  concludes  this  thesis  and  suggests  some  directions  for  further  work. 
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CHAPTER  n 


PETRI  NET  THEORY 


This  chapter  is  an  introduction  to  Petii  Net  theory.  First,  the  basic  level  of  the  fonnalism, 
that  of  Ordinary  Petri  Net,  is  presented.  Then  the  limitations  of  this  framework,  as  far  as  the 
modeling  of  nets  with  variable  structures  is  concerned,  are  identified.  One  extension  of  the  theory 
that  overcmnes  some  difficulties  has  been  described  in  the  literature  as  Ifigh  Level  Nets.  Two 
major  models  have  been  developed  within  diat  approach.  Predicate  Transition  Nets  and  Colored 
Petri  Nets.  The  concepts  of  Ifigh  Level  Nets  ate  presented  using  Colored  Petri  Nets,  which  will 
be  used  below.  More  introducmty  material  can  be  found  in  Peterson  (1981),  Brams  (1983),  and 
Reisig  (1985).  High  Level  Nets  have  been  described  in  Genrich  and  Lautenbach  (1981). 
Advanced  materials  on  I^edicate  Transition  Nets  are  provided  in  Genrich  (1987)  and  Mcmguillet 
(1988).  An  extensive  presentation  of  Colored  Petri  Nets  is  ^ven  in  Jensen  (1987). 

2.1  INTRODUCTION 

Large-scale  distributed  systems  have  certain  characteristics: 

They  exhilnt  concurrency  or  patallelisra  Several  components  can  work  at  the  same  time  oa 
the  same  task.  There  is  thus  a  need  to  represent  tire  precedence  relations  between  the  processing 
of  the  different  components.  The  precedence  relations  determine  the  degree  of  parallelism  that  is 
present  in  tiie  systera 

These  systems  very  often  offer  alternatives.  One  process  may  be  done  by  several 
components,  or  several  combinations  of  components.  Conversely,  a  particular  conq>onent  is 
usually  able  to  perform  different  types  of  ptotxsses. 

A  choice  may  create  a  corfiict.  Suppose,  for  example,  that  a  component  A  has  been  assigned 
to  some  task  B.  Suppose  that  some  task  C  arrives  that  can  only  been  processed  by  A.  C  carmot 
be  processed.  One  ration  is  that  the  conflict  will  be  resolved,  so  that  the  processing  of  C  will  be 
done  as  soon  as  A  finishes  the  processing  of  B.  However,  if  it  is  not  resolved,  the  system  may 
retch  a.  deadlock. 


19 


The  operations  executed  by  the  various  components  are  asynchronous.  There  are  no  global 
mechanisms  that  coordinate  the  scheduling  of  the  processings.  Each  component  usually  starts  its 
processing  as  soon  as  it  has  received  all  the  information  it  needs.  If  several  tasks  are  requested,  a 
queuing  discipline  (First  In  First  Out  (FIFO),  Last  In  First  Out  (LIFO),  etc...)  is  enforced  to 
schedule  the  individual  requests. 

Petri  Nets  have  been  introduced  in  the  modeling  of  Distributed  Systems  because  they  give  a 
graph-theoretic  representation  of  the  communication  and  control  patterns,  and  a  mathematical 
framework  for  analysis  and  validation.  Petri  Net  modeling  is  appealing  for  the  following  reasons: 

•  Petri  Nets  provide  an  integrated  methodology,  with  well  developed  theoretical  and 
analytical  foundations,  for  modeling  physical  systems  together  with  complex  cognitive 
decision  processes. 

•  Petri  Nets  capture  the  precedence  relations  and  stmctural  interactions  of  concurrent  and 
asynchronous  events.  Deadlocks  and  conflicts  can  be  easily  identified  on  a  Petri  Net . 

•  The  graphical  nature  of  Petri  Nets  helps  to  visualize  easily  the  complexity  of  the  system. 
They  are  thus  appealing  both  to  the  layman  as  to  the  analyst 

•  Various  extensions  of  the  basic  theory  allow  for  quantitative  analysis  of  resource 
utilization,  throughput  rate,  effea  of  failures,  and  real  time  implementation. 

2.2  ORDINARY  PETRI  NETS 

2.2.1  Defiiutions 

Definitiim  1.1 

An  Ordinary  Petri  Net  is  a  bipartite  directed  graph:  (P,  T,  L  O). 

There  are  two  sets  of  nodes: 

•  P  s  (pi,  pn}  a  finite  set  of  places. 

A  place  is  depicted  by  a  circle  node. 

o 

A  place  models  a  resource,  a  buffer,  or  a  condition. 

•  T  =  (tl, ...,  tm)  a  finite  set  of  transitions. 

A  transititHi  is  represented  by  a  bar  node. 

I 

A  transition  stands  for  a  process,  an  event  or  an  algorithm. 
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•  The  arcs  or  connectors  that  connect  those  nodes  are  directed  and  fixed.  They  can  only 
connea  a  place  to  a  transition,  or  a  transition  to  a  place.  They  are  given  by: 

•  I:PxT->{0,l} 

I  is  an  input  function  that  defines  the  set  of  directed  arcs  from  P  to  T. 

I(P>f)  =  /  if  the  arc  exists,  I(p,t)  =  0  otherwise. 

An  arc  from  a  place  p  to  a  transition  t  indicates  that  the  process  t  requires  the 
availability  of  the  resource  p,  the  fulfillment  of  the  condition  p,  or  the  availability  of 
information  in  the  buffer  p,  in  order  to  occur. 

•  O:PxT->{0,l} 

O  is  an  output  function  that  defines  the  set  of  directed  arcs  from  T  to  P. 

0(p,t)  -I  if  the  arc  exists,  0(p,t)  -  0  otherwise. 

An  arc  from  a  transition  t  to  a  place  p  indicates  that  when  the  process  t  is  finished, 
it  either  enables  the  condition  p,  makes  the  resource  p  available,  or  sends  an  item  of 
information  to  the  buffer  p. 

Example  2. 1 :  Oxisider  the  Ordinary  Petri  Net  shown  in  Figure  2. 1 


p5 


Rg.  2.1  Ordinary  Petri  Net 

The  set  of  places  P,  the  set  of  transitions  T,  and  the  input  and  ouq}ut  functions  that  define 
the  arcs  for  this  net  are: 

P={pl,..p5}  T={tl,t2,t3} 

I(pl,  tl)  =  I(p2,  t3)  =  I(p3,  t2)  =  I(p4,  t3)  =1  I(p,  t)  =  0  otherwise. 

0(p2,  tl)  =  0(p4, 1 2)  =  0(p5,  t3)  =  1  0(p,  t)  =  0  otherwise. 
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This  Petri  Net  describes  the  elementary  task  of  writing.  The  place  pi  describes  a  resource, 
the  pens  on  the  desk.  The  place  p2  represents  the  condition  that  one  has  taken  a  pen  in  the  hand. 
Place  p3  represents  a  stack  of  paper  in  the  desk  drawer,  place  p4  indicates  that  paper  is  on  the 
desk.  Finally,  place  p5  indicates  that  one  is  writing.  There  are  three  processes  in  the  system.  The 
process  tl  models  the  act  of  picking  a  pen,  while  the  act  of  getting  some  paper  is  noodeled  by  t2. 
Transition  t3  models  the  start  of  the  writing  activity. 

One  can  pick  up  a  pen  only  fit»n  the  pens  on  the  desk  (Link  from  pi  to  p2).  Similarly,  some 
paper  is  on  the  desk  only  if  it  has  been  taken  from  the  drawer  (Link  from  p3  to  p4).  Finally,  the 
links  from  p2  and  p4  to  t3  indicate  that  one  needs  both  a  pen  in  the  hand  and  some  paper  on  the 
desk  to  start  writing. 

Definition  2.2 

A  Petri  Net  is  pure  if  and  only  if  it  has  no  self  loop,  i.e.,  no  place  that  can  be  both  an  input 
and  an  output  of  the  same  transition. 

The  net  of  Fig.  2.1  is  pure.  All  Petri  Nets  that  are  considered  in  this  thesis  are  pure.  For  an 
extensive  discussion  of  this  modeling  issue,  see  Hillion  and  Levis  (1986). 

Definition  2.3 

A  path  is  a  set  of  k  nodes  and  k  -  1  connectors,  for  some  integer  k,  such  that  the  i-th 
connector  either  connects  the  i>th  node  to  the  i+l-th  node  or  the  (i  +  l)-th  node  to  the  i-th 
node.  The  path  is  directed  if  the  i-th  connector  connects  the  i-th  node  to  die  (i  l)-th  node 
for  all  i  >  l,.Jc.. 

Example  2.2:  In  Figure  2.1 

p3  - 12  -  p4  - 13  -  pS  is  a  directed  padi, 
p5  - 13  -  p2  is  not  a  directed  path. 

If  a  Petri  Net  has  sources  and  sinks,  then  any  path  from  a  source  to  the  sink  is  called  an 
irfomuttion  flow  path.  If  an  information  flow  path  is  a  set  of  k  nodes  such  that  the  k  nodes  are 
distinct,  then  die  information  flow  path  is  said  to  be  simple.  The  path  pi  -  tl  -  p2  - 13  -  p5  is,  for 
example,  a  sinqile  infnmation  flow  path  of  the  Petri  Net  of  Figure  2.1. 
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Definition  2.4 

A  Petri  Net  is  connected  if  and  only  if  there  exists  a  path  -  not  necessarily  directed  -  from 
any  node  to  any  other  node. 

Fig.  2.1  depicts  a  connected  net  Intuitively,  this  definition  formalizes  the  idea  that  a  Petri 
Net  models  a  whole  system.  There  are  no  partitions  of  the  set  of  nodes  into  disjoint  subsets,  such 
that  the  nodes  in  one  subset  are  not  connected  to  the  other  subsets. 

Definition  2.5 

A  Petri  Net  is  strongly  connected  if  and  only  if  there  exists  a  directed  path  from  any  node 
to  any  other  node. 

The  net  of  Fig.  2.1  is  not  strongly  connected  because,  for  example,  there  is  no  directed  path 
from  pi  to  p2. 

2.2.2  Petri  Nets  with  Maridngs 

A  Petri  Net  can  contain  tokens.  Tokens  are  depicted  graphically  by  indistinguishable  dots 
(•),  and  reside  in  places.  The  existence  of  one  or  more  tokens  represents  either  the  availability  of 
the  resource,  or  the  fulfillment  of  the  condition,  or  the  number  of  items  of  information  in  the 
buffer.  The  travel  of  tokens  through  the  net  is  controlled  by  the  transitions.  A  marking  of  a  Petri 
Net  is  a  mapping  M  that  assigns  a  non  negative  integer  (the  number  of  tokens)  to  each  place. 

Example  2.3:  Consider  the  Petri  Net  in  Fig.  2.2  with  the  indicated  marking. 
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M(pl)  =  M(p3)  =  l; 


M(p4)»2; 


M(p2)  =  M(p5)  =  0. 


It  is  the  same  net  shown  in  Fig.  2.1.  If  the  interpretation  of  Fig.  2.1  is  used,  this  maddng 
indicates  that  there  is  one  pen  on  the  desk,  one  sheet  of  paper  in  the  drawer,  and  two  sheets  of 
paper  on  die  desk 

Definition  2.6 

A  transition  is  enabled  by  a  marking,  if  and  only  if  all  of  its  input  places  contain  at  least 
one  token. 

In  Example  2.3,  tl  and  t2  are  enabled.  All  the  conditions  to  be  satisfied  are  fulfilled.  One 
can  either  pick  up  the  single  pen  or  put  another  sheet  of  paper  on  the  desk. 

Definition  2.7 

An  enabled  transition  can  fire.  The  firing  of  the  transition  corresponds  to  the  execution  of 
the  process  or  the  algorithm.  The  dynamical  behavior  of  the  syston  is  embedded  in  the 
movement  of  the  tokens;  when  the  firing  takes  place,  a  new  marking  is  obtained  by 
removing  a  token  from  each  input  place  and  adding  a  token  to  each  output  place. 

Example  2.4:  In  Fig.  2.2,  if  tl  fires,  then  the  resulting  marking  is  shown  in  Fig.  2.3. 


Fig.  2.3  Petri  Net  after  Firing 


Transitions  t3  and  t2  are  now  enabled.  If  t3  fires,  the  new  maddng  is  shown  m  Figure  2.4. 
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Renuok:  A  transition  may  fire  concunendy  mme  than  one  token,  i.e.,  a  process  may  handle 
several  tasks  at  die  same  time.  Each  firing  of  a  transition  is  thus  characterized  by  an  integer  k,  the 
firing  pattern  of  the  transition.  A  transition  can  fire  according  to  the  firing  pattern  k,  if  and  only  if 
all  of  its  input  places  have  at  least  k  ckens.  When  the  firing  takes  place,  k  tokens  are  removed 
firom  each  input  place,  and  k  tokens  are  added  to  each  output  place.  The  firing  pattern  is  0  if  a 
transition  does  not  fixe. 

2.2.3  Linear  Algebraic  Approach 

So  far.  Petti  Nets  have  been  described  as  graphs.  An  alternative  and  equivalent  approach  can 
be  developed  using  linear  algebra  with  integer  coefficients  (Memmi  and  Roucairol,  1980). 

I^finition  2.8 

A  Petti  Net  with  n  places  and  m  transitions  can  be  represented  by  a  n  x  m  matrix  C,  the 
Incidence  Matrix,  The  tows  correspond  to  places,  the  columns  correspond  to  transitions. 

•  Cij  =  1  if  there  is  a  directed  arc  fiom  the  j-di  transition  to  the  i-di  place.  1  indicates 

diat  the  firing  of  the  j-th  transition  adds  one  token  to  the  i'th  place. 

•  Cij  =-l  if  there  is  a  directed  arc  fiom  the  i-th  place  to  the  j-th  transition.  -1 

indicates  that  the  firing  of  the  j-th  transition  removes  one  token  fiom  the 
i-th  place. 

if  there  is  no  arc  fiom  the  j-th  transiticm  to  the  i-th  place. 

Example  2J:  The  incidence  matrix  of  the  net  on  Bg.  2.1  is 


25 


tl 

t2 

t3 

-1 

0 

0 

pi 

1 

0 

-1 

p2 

0 

-1 

0 

p3 

0 

1 

-1 

p4 

0 

0 

1 

p5 

Properties 

•  The  marking  of  a  net  can  be  represented  by  a  n  x  1  vector  M,  where  =  M(pi). 
The  i-th  entry  corresponds  to  the  number  of  tokens  in  the  i-th  place. 

•  The  firing  pattern  of  the  net  can  be  represented  by  an  m  x  1  firing  vector  F,  where  Fjis 
die  firing  partem  of  the  i-th  transition. 

•  Given  an  incidence  matrix  C,  an  initial  maridng  M,  and  a  firing  pattern  F,  the  new 
marking  M'  is 

M’*M  +  C*F.  (2.1) 


Example  2.6:  The  matrix  equation  that  corresponds  to  the  firing  ofHg.  2.3  is 


1 

-10  0 

0 

0 

1  0  -1 

1 

1 

M'a 

1 

+ 

0-10 

* 

0 

s 

1 

2 

0  1  -1 

LoJ 

2 

0 

0  0  1 

0 

M  C  F 


2.2.4  Invariants 


(2.2) 


An  incidence  matrix  makes  it  possible  to  use  results  firom  linear  algebra  to  infer  properties  of 
the  net  Much  of  the  literature  is  devoted  to  the  study  of  S-  invariants. 


Definition  2.9 

Given  an  incidence  matrix  C,  an  S'invariant  is  a  n  x  1  non-negative  integer  vector  X  of 
the  kernel  of  i.e.. 


c:t*x»o 


(2.3) 
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Remark:  One  must  pay  particular  attention  to  die  fact  that  S  must  have  non-negadve  integer 
coefficients.  The  rationale  for  this  constraint  results  from  Theorem  2.1,  which  gives  a  physical 
interpretation  to  S-invariants. 

Theorem  2.1 

Let  Mq  be  any  initial  marking,  and  M  be  any  marking  diat  is  reachable  from  Mq  after  a 
sequence  of  firings.  X  is  an  S-invariant  if  and  only  if  for  any  Mg  and  anyM, 

Xr*M=XT*Mo.  (2.4) 

This  relation  is  interpreted  as  a  weighted  conservation  of  tokens.  A  marking  is  by  definition 
a  vector  of  non-negative  integers.  Conservation  of  tokens  must  thus  be  expressed  with 
non-negative  integers. 

Definition  2.10 

If  X  is  an  S-invariant,  the  set  of  places  whose  ccntresponding  components  in  X  are  strictly 
positive  is  the  support  of  the  invariant,  noted  <X>. 

The  support  of  an  S-invariant  is  said  to  be  minimal  if  and  only  if  it  does  not  contain  the 
support  of  another  S-invariant  but  itself  and  die  enq>ty  set 

Theorem  2.2 

If  X^  and  X^  are  two  S-invariants  with  the  same  non  empty  minimal  support,  then  X^  and 
X2  are  linearly  dependent 

Proof. 

Consider  X^  =  [xL  ]  and  X?  *  [x^j],  i  *  By  assumption,  X^  and  X^  are  non  null 
vectors.  Nothing  is  changed  if  it  is  assumed  that  the  support  is  made  out  of  the  first  p, 
0<p^n,  places. 

Define  r  =  mini .  ^  jj  (x^/  x^i)  and m  an  integer  large  enough  so  that  for  every  i 
m*r*x2|  is  an  integer. 

Then  m  ♦  (X^  -  r  ♦X^)  is  an  S-invariant  whose  support  is  strictly  included  in  the  support 
ofX^andX^- 

Indeed,  CT  *  m  ♦  (X^  -  r  ♦X^)  =m*CT*Xi-m*r*Cfr*X2  =  0-  0  =  0.  For  every  i, 
m  *  x^i  -  m  *  r  *  x2|  is  an  integer  (Definition  of  m),  and  xL  -  r  ♦  x^j  is  non  negative 
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CDefinition  of  r).  Finally,  by  definition  of  r  there  exists  some  iO  such  that  r  =  /  x^jq, 

hence  m.(Xi  -  rX2)jo  =  0. 

Consequently,  the  suppOTt  of  m  *  (X'  -  r  ♦  X^)  is  0.  Thus  m  ♦  (X^  -  r  ♦  X^)  is  zero. 

The  vectors  are  linearly  dependent 

D^nition2.11 

A  minimal  support  S-irtvariant  X  is  an  S-invariant  whose  support  <X>  is  minimal. 

The  following  important  result,  due  to  Memmi  and  Roucairol  (1979),  highlights  the 
importance  of  minimal  support  S-invariants.  Valraud  (1989)  presents  an  application  of  this  result 
to  analyze  structural  properties  )f  a  net 

Theorem  2.3 

Consider  a  net  P.  The  set  of  mini  nal  supports  of  the  net  P  is  finite. 

If  <X>i, ...,  <X>k  are  the  k  finite  supports,  and  X^,...,  X^  is  a  family  of  S-invariants, 
with  <Xi>  »  <X>i,  then  the  family  Xi,...,  X,^  constimtes  a  minimal  generating  family  of  the 
S-invariants,  i.e., 

every  S-invariant  can  be  written  as  a  linear  combination  of  Xj,...,  X^  with  rational 
coefficients. 

Definition  2.12 

The  S-component  associated  with  an  S-invariant  X  of  a  Petri  Net  P  is  the  subnet  of  P 
whose  places  are  the  places  of  <X>  and  whose  transitions  are  the  input  and  output 
transitions  of  the  places  of  <X>. 

By  extension,  a  minimal  S-component  is  the  S-component  of  a  minimal  support 
S-invariant 

Example  2.7:  Consider  the  Petri  Net  P  of  Figure  2.5. 
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Rg.2.5  Petri  Net  P 


Tlie  incidoice  matrix  of  P  is 


C 


1  -1  0 

1  0  -1 

-1  1  0 

-1  0  1 


X  a  [xl,  x2,  x3,  x4]  is  an  S-invariant  if  and  only  if  CT  *  X  =  0. 

This  yields  xl  »  x3  a^  x2  >  x4.  There  are  two  minimal  supports  <X1>  »  {pi,  p2} 
and<X2>  ^  {p3,  p4}.  The  S-components  associated  with  <X1>  and  <X2>  are  depicted 
in  Bgures  2.6  and  2.7. 
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Fig.  2.7  S-component  associated  with  <X2>. 


2.2.5  Marked  Graphs 
Definition  2.13 

A  marked  graph  is  a  connected  Petri  Net  in  which  each  place  has  exactly  one  input  and 

one  output  transidon. 

Throughout  this  thesis,  naaiked  graphs  play  an  important  role.  One  crucial  result  about 
marked  graphs  is  Theorem  2.4  (Hillion,  1986).  This  result  has  been  applied  extensively  in  Remy 
(1986)  to  characterize  Petri  Net  model  of  fixed  structure  ^sterns,  and  is  used  in  Chapter  Vn. 

Example  2.8:  The  net  in  Figure  2.1  is  not  a  marked  graph.,  because  this  net  has  two 
sources,  Le.  two  places  without  input  arc,  and  one  sink,  i.e.  a  place  without  output  connector. 
Ingure  2.8  shows  a  marked  gr{q}h. 


p4 


Fig.  2.8  Marked  Graph 
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Theorem  2.4  is  stated  after  the  introduction  of  two  new  terms. 

Definition  2.14 

A  directed  circuit  is  a  directed  path  fiom  one  node  back  to  itself. 

In  Fig.  2.8  pl-tl-p3-t2-p4-t3-pl-tl-p2-t2-p4-t3-pl  is  a  directed  circuit 
A  directed  elementary  circuit  is  a  directed  circuit  in  which  only  one  node  appears 
more  than  once. 

In  Fig.  2.8,  pl-tl-p3-t2-p4-t3-pl  is  a  directed  elementary  circuit.  The  place  pi  is  the 
node  that  appears  more  than  once. 

Theorem  2.4 

The  minimal  S-components  of  a  marked  graph  are  exactly  its  directed  elementary  circuits. 

Theorem  2.4  is  important,  because  it  indicates  that  the  computation  of  the  minimal 
S-components  can  be  done  by  an  efficient  algorithm  based  on  Linear  Algebra,  such  as  the 
algorithm  of  Alaiwan  and  Toudic  (1985). 

In  this  thesis,  a  particular  type  of  nets  are  of  importance.  In  these  nets,  all  the  places  but  two 
have  exactly  one  input  and  one  output  transition.  There  is  one  place  with  only  one  output 
transition  (the  source  or  tiie  external  place)  and  one  place  with  one  and  only  one  input  transition 
(the  sink).  These  nets  can  be  transformed  into  marked  graphs  by  merging  the  external  place  and 
the  sink  into  a  single  place  pO.  Under  those  circumstances,  the  simple  information  flow  paths 
from  the  source  to  the  sink  are  exactly  the  directed  elementary  circuits  that  contain  the  place  pO. 
The  sinq)le  information  flow  paths  can  be  computed  in  that  case  using  the  efficient  algorithm  of 
Alaiwan  and  Toudic.  See  Valraud  (1989)  for  an  extensive  treatment 

2.2.5  PETRI  NETS  WITH  SWITCHES 

The  theory  of  Ordinary  Petri  Nets  does  not  provide  a  convenient  way  to  model  a  stage  at 
which  several  alternatives  exist  For  that  purpose,  a  modified  transition,  a  switch,  has  been 
introduced  in  Levis  (1984). 

A  switch  is  a  node  with  multiple  output  places.  As  with  any  transition,  a  switch  is  enabled 
whenever  there  is  at  least  one  token  in  each  of  its  input  places.  When  a  switch  fires,  a  token  is 
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put  in  only  one  of  its  output  places.  This  place  is  chosen  according  to  some  decision  rule. 

The  decision  rules  associated  with  the  switch  can  be  anything.  They  can  be  deterministic  or 
stochastic.  They  can  take  the  information  that  is  contained  in  the  inputs  into  account,  etc.  It  is 
thus  possible  to  model  distributed  variable  structures  with  switches. 

Example  2.9:  Figure  2.9  represents  a  Petri  Net  with  a  switch. 


p5 


Hg.  2.9  Petri  Net  with  Switch 

At  the  stage  modeled  by  the  switch  si  there  ate  three  alternative  courses  of  action.  According 
to  some  rule,  only  mie  is  chosen.  In  each  case,  the  course  of  action  that  is  chosen  will  satisfy  the 
condition  modeled  by  p5. 

2.3  COLORED  PETRI  NETS 

2.3.1  Introduction 

The  theory  of  Ordinary  Petri  Net  has  some  drawbacks.  First,  when  it  comes  to  the  modeling 
and  analysis  of  real  distributed  systems,  an  Ordinary  Petri  Net  model  may  become  very  large.  A 
detailed  analysis  shows  that  the  size  of  the  nets  tends  to  increase  dramatically  because  the  model 
fails  to  exploit  some  symmetries.  For  exanq^le,  when  one  process  is  used  repetitively, 
unnecessary  replications  of  parts  of  the  net  occur. 

Second,  as  was  stated  in  section  2.2.S,  the  grammar  of  the  theory  is  poor  as  far  as  varying 
structures  are  concerned.  To  overcome  some  difficulties,  switches  were  introduced.  However, 
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these  tools  are  far  from  perfect  Consider  for  ^cample  the  case  of  the  net  cm  Figure  2. 10. 


Process  1.1 


Hg.  2.10  Petri  Net  with  two  Switches 

There  are  two  stages,  si  and  s2,  at  which  scmae  decision  must  be  made.  Each  switch  has 
two  settings  and  each  source  has  one  token.  Switch  si  chooses  the  setting  (2),  and  switch  s2 
chcmses  (2).  This  yields  the  net  and  the  marking  of  Figure  2.11. 


Process  1.1 


Hg.  2.11  Petri  Net  after  Switch  Settings 

The  system  has  reached  a  deadlock!  Process  12  must  receive  some  item  of  information 
from  process  2.1,  but  this  item  will  never  arrive  because  the  toten  of  Source  2  has  been  put  into 
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the  input  place  of  process  22.  Unless  having  a  deadlock  is  a  desirable  property  under  these 
circumstances,  one  can  observe  in  this  example  that  the  settings  of  the  switches  cannot  be 
independent  There  is  a  thus  a  need  for  a  tool  that  indicates  the  correlation  of  the  rules. 
Fiuthermore,  to  be  consistent  with  the  graphical  nature  of  Petri  Nets,  the  conelation  of  the  rules 
should  be  expressed  on  the  graph. 

Finally,  in  most  cases  one  would  like  to  have  the  information  content  of  the  tokens.  This 
information  is  in^rtant  if  the  stmcture  varies  depending  on  the  content,  or/and  if  the  system  can 
handle  several  types  of  tasks  simultaneously,  etc. 

In  order  to  improve  the  modeling  and  analytical  power  of  Ordinary  Petri  Nets,  extensions 
called  High  Level  Nets  have  been  devised.  These  models  are  based  on  common  ideas: 

•  The  tokois  can  be  differentiated.  They  have  an  identity  (color). 

•  The  identity  describes  some  information  about  the  physical  meaning  of  the 
token.  If  a  token  models  a  communications  message,  its  identity  may  be  the  pair 
(Sender,  Receiver),  which  describes  die  source  and  the  destination  of  the  message. 

•  They  provide  a  way  for  describing  the  logic  that  drives  the  control  process  of  the 
transitions. 

2.3.2  Definitions 

Let  us  illustrate  these  notions  by  introducing  Colored  Petri  Nets,  as  defined  in  Jensen 
(1986),  which  are  used  in  die  rest  of  this  thesis  to  model  variable  structure  distributed  systems. 


Definition  2.15 

A  Colored  Petri  Net  (CPN)  is  given  by  ( P,  T,  C(t)t  j,  C(p\  p,  M(p)p  p,  I,  O): 

•  P,  a  set  of  places. 

As  in  Ordinary  Petri  Nets,  a  place  models  a  resource,  a  buffer,  or  a  condition,  and  is 
depicted  by  a  circle  node. 

•  r,  a  set  of  transitions. 

As  in  Ordinary  Petri  Nets,  a  transition  models  a  process,  an  event,  or  an  algorithm  and  is 
depicted  by  a  bar  node. 
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•  Each  transition  t  has  attached  to  it  a  finite  set  of  occurrence-colors  with  TCt  elements: 

C(t)  »  {  C(t)l,  ....  C(t)icJ.  Each  occurrence  color  corresponds  to  one  firing  mode:  to 
one  pattern  of  behavior  of  the  process.  In  the  case  of  Ordinary  Petri  Nets,  when  a  process 
offers  s  >  1  courses  of  action,  it  is  modeled  by  a  switch  with  s  branches.  In  the  case  of 
ColOTcd  Petri  Nets,  every  process  is  modeled  by  a  transition  and  the  set  C(t)  keeps  track 
of  the  alternative  courses  of  action. 

•  Each  place  has  attached  to  it  a  finite  set  of  with  TCp  elements. 

Qp)  -  {C(p)l,  ..,C(p)7Cp}.  Each  token  color  corresponds  to  one  type  of  information 
content  attached  to  a  token.  Only  tokens  that  have  their  color  in  C(p)  can  be  placed  in  p 
and  one  place  can  simultaneously  contain  several  tokens  with  the  same  color. 
Conversely,  one  place  can  contain  tokens  of  different  types,  provided  that  their  color 
belongs  to  C(p). 

•  The  marking  of  a  place  is  a  iCpX  1  vector  M(p) 

^(p)  =  [fii>  where  fij  indicates  that  p  contains  Bj  tokens  of  color  C(p)i. 

Finally,  the  input  and  output  incidence  functions  I  and  O  are  are  such  that: 

•  I(p,t)is  aitpXTCfmatrix  for  any  transition  t  and  any  place  p. 

The  rows  correspond  to  the  elements  of  the  set  of  token  colors,  C^)),  that  is  the  colors  of 
the  tokens  that  can  be  put  in  the  place  p.  The  columns  correspond  to  the  elements  of  the 
set  of  occurrence  colors  of  t,  C(t),  the  alternative  courses  of  actions. 

I(p.t)  i  j  describes  the  niunber  of  tokens  of  color  C(p)i  that  are  removed  from  the  place  p, 
when  the  transition  t  fires  according  to  the  firing  mode  j. 

If  sonoe  entries  of  I(p,  t)  are  non  null,  an  arc  is  drawn  fit>m  the  place  p  to  the  transition  t 
in  the  graphical  representation  of  the  Colored  Petri  Net.  This  arc  is  annotated  by  the 
noatrix  I(p,  t). 

•  0(p,t)is  ajCpXjtfmatrix  for  any  transition  t  and  any  place  p. 

The  rows  correspond  to  the  elements  of  the  set  of  token  colors,  C(p),  the  colors  of  the 
tokens  that  can  be  put  in  the  place  p.  The  columns  correspond  to  the  elements  of  the  set  of 
occurrence  colors  of  t,  C(t),  the  alternative  courses  of  actions. 

0(p,t)  i  j  describes  the  number  of  tokens  of  color  C(p)i  that  are  put  in  the  place  p, 
when  the  transition  t  fires  according  to  the  firing  mode  j. 

If  some  entries  of  0(p,  t)  are  non  null,  an  arc  is  drawn  from  the  place  p  to  the  transition  t 
in  the  graphical  representation  of  the  Colored  Petri  Net  This  arc  is  annotated  by  the 
matrix  0(p,  t). 
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2.3.3  Examples 


Let  us  develop  two  examples  to  understand  the  concepts  of  Colored  Nets. 

Example  2. 10:  Consider  a  mail  clerk  sorting  mail.  This  clerk  sorts  the  mail  for  three  people 
and  has  to  put  it  in  appropriate  boxes.  Suppose  that  the  initials  of  the  persons  are  J,  RN,  and  RT. 
The  job  of  sorting  the  mail  can  be  represented  by  a  Coined  Petri  Net  in  Figure  2.12. 


In  this  example,  every  place  contains  tokens,  which  represent  letters.  It  is  thus  very  natural 
to  assume  that  the  color  of  the  tokens  belong  to  {<J>,  <RN>,  <RT>},  the  names  on  the 
envelope. 

Place  pi  stands  for  the  letters  to  be  sorted.  Its  Color  set  is  {<J>,  <RN>,  <RT>},  as  this 
place  can  contain  any  combination  of  letters  to  be  distributed  to  J,  RN,  and  RT.  The  initial 
conditions  depicted  on  Figure  2.12  are  that  two  letters,  one  for  J  and  one  for  RN  have  to  be 
sorted. 

Place  p2  models  Ps  mailbox,  which  contains  exclusively  the  letters  for  J,  C(p2)  =  {<J>). 
Similarly,  p3  is  the  mailbox  for  RN,  and  C(p3)  =  {<RN>}.  Finally,  the  place  p4  is  the  mailbox 
for  RT,  and  C(p4)  =  (<RT>}. 

The  transition  t  models  sorting.  The  clerk  has  three  courses  of  actions,  which  have  also  been 
labeled  by  <J>,  <RN>,  and  <RT>.  J  models  the  fact  that  the  clerk  is  sorting  some  mail  for  J, 
<RN>  models  sorting  mail  for  RN,  and  <RT>  models  putting  mail  into  RTs  mailbox. 
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The  arcs  of  the  CPN  have  been  annotated  by  the  matrices  I,  U,  V,  W,  where  I  is 

<J><Wt><RT> 

'l  0  0]<J> 

1=  0  1  0 
.0  0  lJ<R'K> 

I  indicates  that  the  clerk  takes  only  one  letter  for  J  when  he  sorts  mail  for  J,  that  he  takes  one 
letter  for  RN  when  he  sorts  mail  for  RN,  and  that  he  takes  only  one  letter  for  RT  when  he  sorts 
mail  for  RT.  The  other  matrices  that  annotate  the  arcs  are 

(J)  (RN)  (RT)  (J)  (RN)  (RT)  (J)  (RN)  (RT) 

U  =  (l  0  0]  V=[0  1  0]  W  =  [0  0  1]. 

U  indicates  that  one  letter  is  put  into  Ts  mailbox  if  the  clerk  sorts  mail  for  J. 

V  indicates  that  one  letter  is  put  into  RN's  mailbox  only  if  the  clerk  smts  mail  for  RN. 

W  indicates  that  one  letter  is  put  into  RTs  box  if  and  only  if  the  clerk  sorts  mail  for  RT. 

This  example  is  simple,  because  the  token-colors  are  natural^  and  because  the  firing  modes 
of  t  correspond  exactly  to  the  token-colors.  Note  that  this  is  variable  system,  the  clerk  puts  the 
mail  in  different  mailboxes,  depending  on  the  name  on  the  envelope.  Example  2.1 1  describes  a 
Colored  Petri  Net  that  is  less  obvious. 

Example  2.11: 

Hgure  2. 13  represents  another  (Colored  Petri  Net 
The  set  of  places  is  P  =  {pi,  p2,  p3,  p4,  p5}. 

The  set  of  transitions  is  T  =  {tl,  t2,  t3}. 

The  set  of  token-colors  for  pi  and  p2  is  A  =  (al,  a2}. 

The  set  of  token-colors  for  p3  and  p4  is  B  =  {  bl .  b2} . 

The  set  of  token-colors  for  p5  is  C  =  {cl,  c2,  c3). 

The  transitions  tl  and  t2  have  two  firing  modes,  which  are  labeled  1  and  2. 

The  transition  t3  has  three  firing  modes,  which  are  labeled  1, 2,  and  3. 
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B  {1.2}  B 

Fig.  2,13  Colored  Petri  Net 


where  the  matrices  that  annotate  the  arcs  are 


•  LI  indicates  that  the  first  firing  mode  of  tl  (first  column  of  LI)  removes  one  token  of 
color  al  from  pi,  and  places  one  token  in  p2.  The  second  firing  mode  (second  column) 
removes  one  token  of  color  al  and  one  token  of  color  a2,  and  places  both  in  p2 . 

•  L2  indicates  that  the  first  firing  mode  of  t2  removes  one  token  of  color  bl  from  p3,  and 
places  it  in  p4.  The  second  firing  mode  i%nx>ves  a  token  of  color  b2.  and  places  it  in  p4. 

•  L3  indicates  that  the  first  two  firing  modes  of  t3  remove  one  token  of  color  al  from  p2. 
The  third  firing  mode  removes  one  token  of  color  a2. 

•  L4  indicates  that  the  first  firing  mode  of  t3  removes  one  token  of  color  bl  fixjm  p4.  The 
other  two  firing  modes  remove  one  token  of  color  b2. 

•  LS  indicates  that  all  firing  modes  of  t3  place  one  token  of  color  cl  in  pS. 

2.3.4  Firing  Rules 

The  firing  rules  for  Colored  Nets  are  similar  to  those  of  Ordinary  Petri  Nets.  The  firing 
mode  C(t)i  is  enabled  for  the  transition  t  if  and  only  if  each  input  place  of  t  contains  at  least  the 
colored  tokens  that  are  indicated  by  the  i-th  column  of  I(p,t).  An  enabled  transition  can  fire  if  at 
least  one  of  its  firing  modes  is  enabled.  If  the  transition  t  fires  according  to  the  firing  mode  C(t)i, 
the  colored  tokens  that  are  indicated  by  the  i-th  column  of  I(p,t)  are  removed  from  each  input 
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place  p.  Fot  each  output  place  p',  colored  tokens  that  correspond  to  the  i-th  column  of  0(p’,t)  are 
added  to  the  place  p’. 


One  transition  may  fire  concurrently  according  to  several  modes,  Le.  a  process  may  be  able 
to  handle  tasks  of  different  natures  at  the  same  time.  Within  each  category,  i.e.  given  one  firing 
mode,  several  tasks  of  the  same  nature  may  be  processed  concurrently.  The  firing  pattern  of  a 
transition  in  a  Colored  Petri  Net  is  thus  given  by  a  ntXl  vector  Ft,  where  [FJi  describes  the 
number  of  concurrent  activations  of  the  i-th  firing  mode.  If  the  firing  pattern  of  the  transition  is 
Fj^  then  the  combination  of  colored  tokens  indicated  by  the  i-th  column  of  I(p,  t)  is  removed  [FJi 
times  from  each  input  place  p.  Similarly,  the  combination  of  colored  tokens  indicated  by  the  i-th 
column  of  I(p',  t)  is  added  [FJi  times  to  every  output  place  p*. 


Example  2.12: 

In  the  CPN  of  Fig  2. 12,  only  the  first  mode  of  tl  and  the  second  mode  of  t2  are  enabled: 

•  The  input  place  of  tl,  pi,  contains  only  one  token  of  color  al.  LI,  the  aimotation  of  the 
adjacent  arc  is 


LI* 


1 

1 

0 


2 

1 

1 


al 

a2 


The  firing  mode  1  removes  one  token  of  color  al.  The  initial  marking  of  pi  enables 
this  firing  mode.  This  is  not  the  case  for  firing  mode  2,  because  pi  does  not  contain  a 
token  of  color  a2.  Finally,  as  pi  contains  one  and  only  one  token  of  color  al,  tl  can 
process  at  most  one  task  al,  and  F(t)i  is  either  0  or  1. 

•  The  input  place  of  t2,  p3,  contains  only  one  token  of  color  b2.  L2,  the  aimotation  of  the 
adjacent  arc  is 


1 


L 


2 

ol  bl 

1  b2 


Firing  mode  1  removes  one  token  of  color  bl.  The  marking  of  p3  does  not  enable 
this  firing  mode.  This  is  not  the  case  for  firing  mode  2,  because  p3  does  contain  a 
token  of  color  b2.  Finally,  as  p3  contains  one  and  only  one  token  of  color  b2,  t2  can 
process  at  most  one  task  b2,  and  F(t)2  is  either  0  or  1 


If  tl  fires  according  to  the  firing  mode  1,  and  t2  according  to  its  firing  mode  2,  the  marking 
of  the  net  is  changed  into  the  marking  of  Figure  2.14. 
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B  {1.2}  B 

Rg.  2.14  Colored  Petri  Net  after  Bring 


2.3.5  Incidence  Matrix 

A  Colored  Petri  Net  with  n  places  and  m  transitions  can  be  represented  by  a  n  x  m  block 
matrix  C:  die  Inddence  Matrix.  The  entries  of  die  matrix  are  diemselves  matrices. 

The  rows  coirespond  to  places,  the  columns  correspond  to  transitions. 

•  Cij  -  O(t^)  if  there  is  a  directed  arc  from  the  j-th  transition  to  the  i-th  place.  0(t,p) 
indicates  the  colored  tdcens  that  can  be  added,  as  determined  by  die  firing  modes. 

•  Cij  *  if  there  is  a  directed  arc  from  the  i-th  place  to  the  j-th  transition.  -I(t,p) 

indicates  the  colored  tokens  that  can  be  removed,  as  determined  by  die  firing  modes. 

•  Cij  =  Null  matrix  if  there  are  no  arcs. 

The  marking  of  a  net  can  be  represented  a  nxl  block  vector  M,  where  =  M(pi).  The 
i-th  entry  corresponds  to  die  colored  tokens  in  the  i-di  place.The  i-th  entry  is  dius  a  column  with 
one  row  for  each  element  of  C(pi). 

The  firing  pattern  of  the  net  can  be  represented  by  a  mxl  firing  vector  F,  where  Fj,  the  entry 
that  corresponds  to  the  j-th  transition,  is  itself  a  vector  with  entries,  i.e.  as  many  rows  as 
firing  modes  of 

Given  an  incidence  matrix  C,  an  initial  marking  M,  and  a  firing  pattern  F  the  new  marking  is 

M'«M  +  C*F  (2.5) 
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Exaflople  Z13: 

The  Colored  Petri  Net  of  Fig.  2. 12  has  the  following  Incidence  matrix: 


C 


-LI  0  0 

LI  0  -L3 
0  -U  0 
0  L2  -L4 
0  0  L5 


The  initial  maridng  is  given  by: 


M= 


M(pl) 

Mi)2) 

M(p3) 

MCp4) 

-  M[p5). 


,  with  M(pl)  = 


M(p3) 


fol 

o' 

,M(p5)  = 

■f 

llj 

,M(p2)=M(p4)  = 

0 

0 

.0. 

The  place  pi  contains  only  one  token  of  color  al,  p3  ccmtains  only  one  tdten  of  color  b2,  p2 
and  p4  contain  no  tokens,  and  p5  contains  only  one  token  of  color  cl.  Finally,  the  firing  pattern 
of  Fig.  2. 13  coiresponds  to 


'fi' 

F2 

,  with  FI  = 

l' 

n 

,F2» 

,F3  = 

'o' 

0 

.F3. 

.0. 

This  chapter  introduced  basic  concepts  of  Ordinary  Petri  Net  theory  and  Colored  Petri  Net 
theory.  Only  the  notions  that  are  of  relevance  in  the  subsequent  chapters  have  been  defined,  and 
the  reader  may  find  more  material  in  the  references  given  in  the  introduction  of  this  chapter. 
Next,  diis  thesis  turns  to  review  of  equivalence  reladcms  and  partial  orderings. 
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CHAPTER  ffl 


EQUIVALENCE  RELATIONS  AND  LATTICES 


This  chapter  gives  basic  results  about  equivalence  relations  and  lattices.  The  fundamental 
theorem  of  section  32  about  equivalence  relations  is  used  in  Chapter  VII  to  characterize  variable 
structures.  Lattice  theory  is  used  extensively  in  Chapters  IV,  VI,  and  vn  to  address  the 
generation  of  structures.  Complementary  matmal  on  lattices  can  be  found  in  Birkhoff  (1948) 
and  GrStzer  (1971).  Relationships  between  lattices  and  graphs  are  explained  in  Carr6  (1979). 

3.1  DEFINITIONS. 

Definiticm  3.1 

A  relation  R  mi  a  set  A  is  called  a  binary  relatimi  if  and  mily  if 
V  (x,y)  €  A^  the  condition  x  R  y  eitho:  does  or  does  not  hold. 

In  other  words,  for  each  (x,  y)  "x  R  y"  is  meaningful,  being  either  tme  or  false. 

Example  3.1:  Let  A  be  the  set  of  graduate  students  at  MIT,  and  R  be  the  relation  "is  in 

die  same  department"  R  is  a  binary  relation. 

Definiticm  3.2 

A  relation  R  on  a  set  A  is  an  equivalence  relation  if  and  <mly  if 

•  R  is  reflejdve:  V  x  €  A  x  R  x. 

•  R  is  symmetric:  V  (x,y)  e  A^  (x  R  y)  =>  (y  R  x). 

•  R  is  transitive:  V  (x,y,z)  e  A^  (x  R  y)  and  (y  R  z)  ^  (x  R  z). 

Exan^le  3.2:  The  relaticm  R  defined  in  Example  3.1  is  an  equivalmice  relation. 
Definiticm  3.3 

A  relation  R  on  a  set  A  is  an  orderings  if  and  only  if 

•  R  is  reflexive:  V  x  €  A  x  R  x. 
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•  R  is  antisymmetric: 

•  R  is  transitive: 


V  (x,y)  6  (x  R  y)  and  (y  R  x)  =»  (x  =  y). 

V  (x,y,z)  €  (x  R  y)  and  (y  R  z)  (x  R  z). 


Example  3.3: 

•  In  (0,1)  the  relation  "is  smaller  than",  denoted  by  ^  is  an  ordering. 

•  Let  S  be  the  set  of  vectors  with  three  entries  in  {0,1}:  X=[xi,  X2,  X3]  x^,  X2,  X3  in 
(0,1 } .  Define  on  S  the  relation  «  : 

X«Y,  X  =  [xi,X2,X3]  Y  =  [yj,  y2,  ya],  if  and  only  if 

xi^yi  X2^y2  X3^y3. 

It  is  easy  to  conclude  that  « is  an  ordering  of  S. 

•  A  last  classical  example  is  the  relation  "is  included  in"  among  sets,  which  is  an  ordering. 
In  this  thesis,  the  ordering  "is  included  in"  is  used  essentially  to  order  the  elements  of  the 
set  P(X),  the  set  that  contains  all  the  subsets  of  a  given  set  X. 

Definition  3.4 

An  ordering  R  of  a  set  A  is  a  total  ordering  if  and  only  if 
Given  any  (x,  y)  e  A^  either  x  R  y  or  y  R  x. 

If  an  ordering  is  not  a  total  ordering,  it  is  called  a  partial  ordaing. 

Example  3.4: 

•  The  set  of  real  numbers  is  totally  ordered  by  the  binary  relation  "is  smaller  than"  (^. 

•  The  set  S  of  example  3.2  is  not  totally  ordered  by  «.  Neither  [  1,  0, 0]  «  [0, 1,  0]  nor 
[0, 1, 0]  «  [  1, 0, 0]  are  true. 

•  ThesetP(X)  is  not  totally  ordered  by  the  ordering  "is  included  in". 

3.2  EQUIVALENCE  RELATIONS 

There  is  an  important  connection  between  equivalence  relations  on  a  set  A  and  partitions  of 
A  into  disjoint  subsets,  as  expressed  in  the  following  theorem  (Carr6, 1979). 

Theorem  3.1 

Every  equivalence  relation  on  a  set  A  induces  a  partition  of  A  into  disjoint  subsets,  called 
equivalence  classes.  Conversely,  given  any  partition  of  A  into  disjoint  subsets  Pi,...,  P^, 
there  exists  an  equivalence  relation  whose  equivalence  classes  are  exactly  Pi,...,  P^. 


43 


Proof: 

1)  Let  R  be  an  equivalence  relation  on  A.  For  each  element  x  let  us  define  the  set 

=  {y  in  A  s.t  X  R  y } .  Note  that  R  reflexive  implies  that  for  every  x,  x  e 
For  each  pair  (x,  y)  e  A^,  the  equivalence  classes  are  either  equal  or  disjoint  with 

Eju  =  Er^  if  X  R  y. 

ER^nER,yS0  if  X  R  y  does  not  hold. 

This  is  easily  seen  from  die  definidon  of  an  equivalence  relation.  Since  every  element  of 
A  belcmgs  to  some  equivalence  class,  and  distinct  equivalence  classes  are  disjoint,  the  set 
of  all  equivalence  classes  is  a  partititMi  of  A  induced  by  R. 

2)  Conversely,  given  any  partition  P  of  a  set  A  into  disjoint  subsets  Pi,...,  P^,  let  us  define 
the  relation  R  c»i  A  by: 

X  R  y  if  and  only  if  x  and  y  belong  to  the  same  P^. 

One  can  easily  be  (xxivinced  that  this  is  an  equivalence  relation,  and  that  the  equivalence 
classes  with  respect  to  R  are  exactly  P},...,  Pj^. 

3.3  ORDERINGS 

An  ordered  set  can  be  depicted  very  conveniently  by  a  diagram,  called  the  Hasse  diagram. 
In  this  diagram,  each  element  is  represented  by  a  point,  so  placed  that  if  x  R  y  then  the  point 
representing  x  lies  below  the  point  representing  y.  Lines  are  drawn  between  two  points  x  and  y  if 
and  only  if  y  covers  x,  i.e.,  x  R  y  but  there  is  no  element  z,  z  x,y  such  that  x  R  z  R  y.  Figure 
3.1  shows  the  Hasse  diagram  of  die  set  S  described  in  Example  3.3. 

[1.  1,  1] 

^  t  ^ 

[1,1,0]  [0,1,1]  [1,0,1] 

[1,0,0]  [0,1,0]  [0,0,1] 

^  t  ^ 

[0,0,0] 

Fig.  3.1  Hasse  Diagram 
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If  a  set  is  ordered,  totally  or  partially,  some  elements  with  remarkable  properties  must  be 
distinguished.  In  the  next  paragraphs,  some  of  these  elements  are  defined. 

Definition  3.5 

Let  R  be  an  ordering  of  A. 

•  If  A  contains  an  element  O)  such  that  coR  x  for  all  x  in  A,  then  OD  is  unique,  and  is  called 
the  least  element  of  A. 

•  If  A  contains  an  element  Q  such  that  x  R  for  all  x  in  A,  then  Q  is  unique,  and  is  called 
iht  greatest  element  of  A. 

Remark:  These  elements  do  not  always  exist  For  example,  in  S,  these  elements  exist.  The 
least  element  is  [0, 0, 0],  and  the  greatest  element  is  [1, 1, 1].  However,  if  «  is  restricted  to  the 
subset  of  s  S  -  ([0, 0, 0],  [1, 1,1]},  it  is  impossible  to  find  a  greatest  and  a  least  element 

Definitidi  3.6 

•  An  element  m  of  A  is  a  minimal  element  if  there  does  not  exist  any  element  in  A  that  is 
strictly  inferior  to  m: 

X  ^  m  implies  x  »  m. 

•  An  element  M  of  A  is  a  maximal  element  if  there  does  not  exist  any  element  in  A  that  is 
strictly  superior  to  M: 

M  ^  X  implies  x  =  M 


Theorem  3.2  (Birkhoff,  1948) 

Every  finite  ordered  set  A  has  at  least  one  minimal  and  one  maximal  element 
Proof:  Let  the  elements  of  A  be  x^,...,  x„.  Define  the  finite  sequences  n\  and  Mjj  by: 

mj  =  Ml  =  Xi 

m]^  =  X](  if  X](  ^  m^  and  n\  =  mij.i  otherwise 
=  x^  if  ^  x^  and  =  M^.i  otherwise. 

Then  iOq  is  by  construction  a  minimal  element  of  A,  and  M„  is  by  construction  a 
maximal  element 
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Exan^Ic  3.6: 


bi  S  -  {[0,  0,  0],  [1,  1,  1]}  we  have  three  minimal  elements,  and  three 
maximal  elements. 

The  minimal  elements  are  [1, 0, 0],  [0, 1, 0],  [0, 0, 1]. 

The  maximal  elements  axe  [1. 1, 0],  [1, 0, 1],  [0, 1, 1]. 


3.3  LATTICES 

If  the  set  is  totally  ordered,  its  structure  is  particularly  simple.  In  most  cases  however,  an 
ordering  is  not  total.  In  order  to  gain  some  insights  into  the  structure  of  the  set,  some  new 
concepts  are  needed.  For  that  purpose  the  notitm  of  lattice  is  introduced,  which  is  based  on  local 
properties  of  the  set 

Definition  3.7 

Let  B  be  a  subset  of  a  partially  ordered  set  A. 

•  An  iq^per  bound  of  B  is  an  element  of  A  such  that  y  ^  a  for  all  y  in  B. 

The  least  upper  bound  (Lu.b)  B,  if  it  exists,  is  the  least  element  of  the  set  of  all  upper 

boimds  of  B. 

•  By  analogy,  the  greatest  lower  bound  (g.l.b)  is  die  greatest  element  if  it  exists,  of  the  set 
of  all  lower  bounds  of  B. 

Example  3.7:  Let  B  be  { [0, 0, 0],  [1, 0, 0],  [0, 1, 0] }.  B  is  a  subset  of  S. 

It  has  a  Lu.b,  which  luqipens  to  belong  to  B:  [0, 0, 0]. 

It  has  a  g.Lb,  which  does  not  belong  to  B:  [1, 1, 0]. 

Definiti(»  3.8 

A  lattice  is  a  partially  ordered  set  L  in  which  any  two  elements  x,y  have 

•  a  gJ.b  KX  meet  (denoted  by  xny )  that  belongs  to  L. 

•  a  l.u.b  or  join  (denoted  by  xuy )  that  belongs  to  L. 

By  extension,  L*  is  a  sublattice  of  a  lattice  L  if  and  only  if  L'  is  a  subset  of  L  such  that  the 
join  and  meet  of  any  two  elements  of  L'  are  in  L'. 

Figure  3.2  illustrates  the  local  condition.  Gi>^  two  elonents  x  and  y,  tiiere  exists  (»ily  (xie 
element  in  the  Hasse  diagram,  the  join,  which  covm  botii  x  and  y.  Similarly,  there  is  (xily  one 
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element,  the  meet,  which  is  simultaneously  covered  by  both  x  and  y. 


Fig.  3.2  Local  Condition 


The  lattice  property  ensures  that  the  set  L  has  some  structuring  patterns.  It  is  possible  to 
identify,  for  any  two  elements  x  and  y,  two  unique  boundaries  in  L,  the  join  and  the  meet.  Every 
element  that  is  below  x  and  y  must  be  below  the  join.  Any  element  that  is  above  x  and  y  must  be 
above  the  meet 

Remark:  Every  Lattice  L  has  a  least  and  a  greatest  element  The  least  element  is  the  join, 
which  belcmgs  to  L,  of  all  the  elements  of  L.  The  greatest  element  is  the  noeet  of  all  the  elements 
of  L,  This  meet  belongs  to  L,  by  definition  of  the  lattice. 

Example  3.8: 

•  S  is  a  lattice. 

On  (0, 1}  the  join  and  meet  operators  are  defined  as: 

0n0  =  0  0u0»0 

Onl-0  Oul-1 

lo0=0  lu0*l 

lnl»l  lul»l. 

The  q)erators  are  extended  on  a  component-wise  basis: 

XnY«[xinyi,  X2ny2, 

XuY«[xiUyi,  X2Uy2,  X3Uy3]. 
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•  Let  X  be  a  set,  and  P(X)  be  the  set  of  all  subsets  of  X.  (P(X)  is  a  lattice  with  the  partial 
ordering  "is  included  in'*. 

The  meet  of  two  subsets  of  X,  A  and  B,  is  the  intersection  A  n  B. 

The  join  of  two  subsets  of  X,  A  and  B,  is  the  intersection  A  u  B. 

Definition  3.9 

If  Xi,  X2, ....  Xq  are  n  elements  of  a  lattice  L,  the  sublattice  generated  by  the  n  elements 
Xi,  X2,...,  Xq  in  performing  join  and  meet  operations  is  called  the  lattice  polynomial,  and  is 
denoted  by  L(  Xj,  X2,...pc^ ). 


This  last  notion  plays  an  important  role  in  Chapter  Vn  for  a  constructive  characterization  of 
variable  structure  systems.  After  this  brief  review  of  orderings  and  equivalence  relations,  the  next 
chapter.  Chapter  IV,  introduces  the  reader  to  the  fundamentals  of  the  theory  of  Distributed 
Intelligence  Systems.  Some  of  the  results  of  this  chapter  are  used  in  Chapter  IV,  while  most  of 
them  recur  throughout  this  thesis. 
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CHAPTER  IV 


DISTRIBUTED  INTELLIGENCE  SYSTEMS 


This  chapter  is  an  introduction  to  the  methodology  developed  in  this  thesis.  Section  4.1 
provides  basic  concepts  of  distributed  intelligence  systems.  Section  4.2  restricts  the  scope  of  the 
thesis  to  the  modeling  and  the  design  of  a  particular  class  of  systems,  called  variable  structure 
systems.  Each  system  in  that  class  is  characterized  by  several  parameters  that  are  described  in 
section  4.3.  A  unified  framework  to  represent  variable  structure  systems  is  defined  in  Section 
4.4.  Finally,  sections  4.4  and  4.5  provide  notions  and  results  to  study  variable  structures 
systems.  The  relationships  between  variable  structure  systems  and  Colored  Petri  Nets  are 
described  in  Chapter  V. 

4.1  BASIC  CONCEPTS 

This  thesis  models  a  class  of  distributed  intelligence  systems,  teams  of  decisionmakers 
(Grevet  et  aL,  1988;  Levis,  1988).  A  team  is  defined  as  a  number  of  persons  working  together  to 
accomplish  a  task.  The  team  members  have  a  common  goal.  They  share  the  same  interests  and 
beliefs.  Their  skills  must  be  coordinated  under  well-specified  rules  of  operation  so  as  to  achieve 
high  efficiency.  The  human  decisionmakers  are  assumed  to  be  well  trained,  to  execute  well 
defined  tasks,  and  to  be  constrained  by  bounded  rationality  (Boettcher  and  Levis,  1982).  The 
latter  notion  refers  to  a  limited  ability  of  human  beings  to  process  information.  While  performing 
his  tasks,  the  decisionmaker  may  decide  to  use  a  decision  aid  (Perdu  et  aL,  1988). 

The  objects  are  the  components  necessary  to  carry  out  the  task.  They  are  physical, 
technological,  and  human  components,  which  receive,  process,  generate,  and  transmit 
information.  They  include  the  members  of  the  team,  communication  devices,  computers, 
software,  decision-aids,  etc.  From  the  organizational  perspective,  the  objects  have  synergistic 
activities.  The  individual  processes  result  from  partitioning  the  organizational  task  into  subtasks. 
It  is  necessary  to  combine  the  results  of  the  different  processes  to  perform  the  mission. 
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The  structure  is  the  description  of  the  relationships  between  objects,  as  determined  by  the 
objectives  of  the  mission.  These  relationships  can  be  considered  at  different  levels;  they  may 
describe  the  physical  position  of  such  elements  (location,  layout  in  a  room);  they  may  describe 
the  communication  links,  or  the  rules  and  protocols  that  trigger  sending  of  information  through 
these  links;  they  may  describe  the  way  tasks  perfcsmed  by  the  objects  are  coordinated. 

The  objects,  the  structure,  and  the  interface  with  the  rest  of  the  universe  form  the  system. 
The  system  can  be  thought  as  an  entity  because  of  these  relationships.  The  system  is  included  in 
an  environment,  which  in  turn  is  part  of  a  context. 


' 

c 

System 

, 

Context 


Fig.  4.1  The  System  and  the  Rest  of  the  Universe 

The  Environment  is  the  pan  of  the  universe  on  which  the  system  has  some  ability  to  act 
The  system  can  sense  the  environment,  and  acts  upon  it,  if  necessary.  Reciprocally,  the 
environment  can  act  upon  the  system.  The  Context  denotes  the  rest  of  the  Universe:  the  set  of 
conditions  and  assumptions  within  which  system  and  environment  exist.  The  context  has  some 
influence  on  the  system,  yet  the  system  cannot  act  on  it 

In  general,  the  mission  is  to  achieve  a  particular  (desired)  state  of  the  environment  given  a 
specific  context  For  that  purpose,  the  system  senses  the  environment  with  sensors.  The  inputs 
to  the  system  are  the  observations  or  messages  carried  out  by  the  sensors.  These  items  of 
information  are  transmitted  to  their  proper  destinations  within  the  organization.  They  are 
analyzed,  and  the  selected  response  is  finally  implemented  by  the  Rectors. 

4.2  VARIABLE  STRUCTURES 

This  thesis  focuses  on  one  body  of  research  about  distributed  intelligence  systems,  the 
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modeling  and  generation  of  structures,  as  opposed  to  the  design  of  efficient  objects,  accurate 
sensors,  responsive  effectors  etc.  There  are  two  main  reasons  for  this  choice. 

•  One  reason  has  to  do  with  current  engineering  practice.  Systems  are  being  developed 
without  much  consideration  of  the  impact  of  structure  on  performance.  The  requirements 
for  a  system  are  translated  into  a  natural  structure.  Typically,  only  small  variations  around 
that  basic  structure  only  investigated.  Most  of  the  effort  is  concentrated  on  designing 
efficient  objects.  Over  the  last  decade,  the  engineering  community  has  realized  that 
considerable  improvement  in  performance  could  be  achieved  by  optimizing  over 
structure.  There  is  thus  a  need  to  investigate  the  whole  set  of  structures  that  makes  sense 
given  the  requirements  for  a  system. 

•  The  second  reason  is  that  little  is  known  about  the  generation  of  structures.  The  generic 
problem  of  investigating  the  whole  set  of  structures  is  computationally  too  demanding, 
due  to  its  combinatorial  nature.  There  is  thus  a  need  to  highlight  some  properties  of  this 
set  in  order  to  gain  some  understanding  of  it. 

4.2.1  Variability 

The  structure  of  a  system  can  exhibit  some  properties  that  are  defined  below.  It  must  be 
noted  that  throughout  this  thesis,  the  emphasis  is  on  describing  how  the  stmcture  is  influenced 
by  the  inputs,  as  opposed  to  a  description  of  the  information  content  of  the  interaction. 

Definition  4.1 

A  structure  is  fixed  if  the  relationships  between  objects  remain  constant,  whatever  the 
mission,  the  state  of  the  environment,  or  the  context  Reciprocally,  a  structure  is  variable  if  the 
interactions  between  objects  can  vary. 

Of  course,  variable  structure  systems  are  far  more  common  than  fixed  strucmre  systems. 
However,  a  well  developed  body  of  theory  has  been  developed  only  for  the  latter.  This  thesis 
makes  an  effort  to  extend  results  that  have  been  obtained  on  fixed  structures  systems  to  the  much 
larger  class  of  variable  structure  systems.  It  is  convenient  to  distinguish  three  mechanisms  that 
trigger  variability  (Monguillet,  1988).  Each  mechanism  focuses  on  one  aspect  of  variable 
structure  that  is  of  practical  relevance.  A  system  is  said  to  be 

•  Type  1 -variable,  if  it  adapts  its  structure  to  the  input  it  processes.  For  example,  one 
pattern  of  interactions  may  yield  a  higher  efficiency  than  others  for  a  given  input. 
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•  Type  2-variable,  if  it  adapts  its  structure  of  interactions  to  the  environment. 
The  performance  of  a  given  structure  may  depend  strongly  on  the  state  of  the 
environment  A  structure  may  accomplish  its  mission  perfecdy  if  the  arrival  rate  of  the 
inputs  is  low.  This  stracture  may  not  be  the  optimal  one  if  the  arrival  rate  is  high.  There 
may  be  a  need  to  change  the  reladonships  between  objects. 

•  Type  3-variable,  if  it  adapts  its  structure  of  interactions  to  the  system's  parameters.  In 
case  of  failure  or  destruction  of  some  components,  for  example,  it  might  not  be  possible 
to  accomplish  the  mission  with  the  current  stmcture.  The  system  has  to  be  reconfigured. 

Of  course,  a  particular  system  may  exhibit  simultaneously  the  three  types  of  variability;  the 
Airport  Surface  Traffic  Control  system  (ASTC)  is  an  example.  This  distributed  intelligence 
system  is  treated  in  more  depth  in  Chapter  VUI.  It  monitors  the  landings  and  the  takeoffs  as  well 
as  the  movements  of  planes  in  an  airport  and  in  its  immediate  vicinity.  The  interaciions  between 
air  traffic  controllers  are  Type  1 -variable  if  they  change  depending  on  the  planes,  their 
destination.  The  interactions  arc  Type  2-variablc  if  they  change  depending  on  the  weather 
conditions.  The  interactions  between  controllers  arc  Type  3-variable  if  they  change  when  some 
radar  or  some  communication  networks  do  not  function  properly.  In  order  to  limit  the  scope  of 
the  thesis,  assumption  4. 1  is  made 

Assumption  4.1 

This  thesis  models  structures  whose  variability  is  triggered  by  parameters  that  are  external 
to  the  system,  can  be  sensed  by  some  processes,  and  can  be  communicated  to  the  objects. 

The  model  obviously  encompasses  Type  1  variability  because  the  sensors  communicate 
observations  to  some  objects.  The  model  addresses  also  Type  2  variability,  if  the  parameters  that 
characterize  the  state  of  the  environment  can  be  assessed  by  some  objects  from  a  source  of 
information.  The  weather  condition  is  an  example  of  the  latter  type  in  the  ASTC  system.  Even 
though  the  Control  Tower  does  not  have  a  sensor  that  describes  explicitly  the  condition  on  the 
field,  the  controllers  can  assess  it  by  looking  outside.  In  the  rest,  the  term  variable  is  restricted  to 
mean  variability  as  defined  in  this  paragraph,  the  term  inputs  is  used  to  mean  the  observations  of 
the  sensors  as  well  as  the  parameters  of  the  environment,  and  the  expression  variable  structure 
stands  as  a  short  hand  for  variable  structure  systems. 
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4.2.2  Functional  Approach 


The  modeling  approach  follows  the  formulation  (Levis,  1988)  of  the  research  issues  for 
distributed  intelligence  systems  within  the  framework  advocated  by  Minsky  (1986).  In  this 
approach,  the  team  is  seen  as  an  information  processing  system  that  must  perform  several 
functions  to  accomplish  its  mission.  The  functions  are  spread  out  over  a  range  of  locations  and 
divided  into  individual  tasks,  so  that  each  object's  activity  contributes  a  little  to  each  of  the 
several  functions.  The  individual  tasks  can  be  performed  both  by  humans  and  by  intelligent 
computerized  nodes,  Le.  by  an  intelligent  decisionmaking  process.  Each  individual  task  is  itself  a 
combination  of  well  defined  algorithms  that  describe  the  manipulation  to  be  done  to  their  inputs. 
Two  individual  tasks  are  said  to  be  equivalent  if  and  only  if  they  incorporate  the  same 
algorithms. 

An  individual  task  is  thus  a  role  :  a  prescribed  pattern  of  behavior,  as  determined  by  the 
mission.  The  same  role  can  be  performed  by  several  decisionmakers,  provided  that  they  have 
received  adequate  training.  Similarly,  one  d^sionmaker  can  perform  several  roles,  depending 
on  his  experience  and  training.  Finally,  an  intelligent  node  can  perform  several  roles,  according 
to  the  knowledge  and  resources  that  have  been  embedded  in  it 

The  emphasis  is  placed  on  describing  the  roles  of  the  system.  The  components  of  the 
system,  human  and  physical,  are  treated  as  resources.  This  approach  leads  to  the  distinction  of 
two  mechanisms: 

Functional  Flexibility.  If  the  interactions  between  roles  can  vary,  the  system  is 
functionally  flexible.  This  flexibility  induces  varying  interactions  between  the 
physical  elements  once  they  have  been  assigned  to  the  roles. 

Resource  Flexibility.  If  the  assignment  of  resources  can  vary,  there  is  flexibility  in  the 
utilization  of  resources.  This  flexibiliQr  induces  changing  patterns  of  interactions  between 
physical  elements  because  they  are  being  assigned. 

Of  course,  one  organization  can  have  both  mechanisms  simultaneously.  Suppose  that  the 
system  is  a  team  engaged  in  an  automobile  competition.  There  are  two  roles,  the  role  of  the  pilot 
and  the  role  of  the  copilot,  and  two  resources,  human  beings  A  and  B.  There  is  flexibility  in  the 
assignment  of  the  resources  if  A  and  B  can  perform  both  roles:  A  can  pilot  and  B  can  copilot,  or 
B  can  pilot  and  A  can  copilot.  There  is  functional  flexibility  in  the  system  if  the  copilot  is 
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subordinated  to  the  pilot  under  normal  racing  conditions,  and  if  the  copilot  takes  the  lead  if  an 
error  of  navigation  has  been  made.  A  structure  is  thus  characterized  by  two  substructures. 

•  The  functional  structure.  This  is  the  description  of  the  interactions  between  roles,  and 
between  roles  and  the  external  environment  dirough  sensors  and  effectors.  It  depicts  the 
flow  of  data  from  the  sources  to  the  roles,  the  exchange  of  information  between  roles, 
and  the  ctxnmunicadon  of  messages  to  the  electors.  Functional  flexibility  corresponds  to 
varying  exchanges  of  information  within  that  structure,  which  is  also  called  the  Data 
Flow  structure. 

•  The  resource  structure.  This  is  the  description  of  how  resources  can  be  assigned  to  roles. 
Resource  flexibility  corresponds  to  different  interactions  in  the  resource  structure. 

4.2.3  Consistency  and  Determinism. 

As  defined  in  section  4.2.2,  a  variable  structure  system  adapts  its  interactions  to  the  inputs  it 
processes.  Further  properties  of  the  variability  modeled  in  this  thesis  are  defined  in  this  section. 

Definition  4.3 

A  system  is  temporally  consistent  if  it  processes  only  observations  that  refer  to  the  same 
temporal  origin,  ie.,  to  an  event  with  a  specific  time  of  occurrence  (Grevet,  1988). 

Many  systems  have  this  property.  For  example,  the  ASTC  system  monitors  in  real  time  the 
movements  of  planes.  To  add  another  example  in  a  very  different  context,  the  automated  trading 
centers  of  large  brokerage  firms  are  distributed  intelligence  systems  that  monitor  "on-line"  the 
conditions  of  various  financial  maricets. 

Asstunption  4.2 

The  thesis  models  (xily  variable  structures  that  are  temporally  consistent 

It  must  be  noted  that  this  assumption  does  not  imply  anything  about  the  nature  of  the 
processing,  which  may  be  globally  synchronized,  locally  synchronized,  or  totally  asynchronous 
(Bertsekas  and  Tsitsiklis,  1988).  This  assumption  is  made  because  most  of  the  systems  for 
which  this  methodology  is  developed  have  this  property.  The  Air  Traffic  Control  system  or  any 
Command  and  Control  system  work  under  relatively  high  tempos  of  input  arrivals,  and  monitor 
the  environment  "on  line”. 
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Defimti(»  4.4 

A  variable  structure  is  said  to  be  deterministic  if  and  only  if  the  processing  of  one  set  of 

simultaneous  cri>seivations  is  achieved  while  involving  a  unique  set  oi  interactions. 

Assumption  4.3 

This  thesis  models  only  variable  structures  whose  Junctional  structures  ate  deterministic. 

From  the  functional  approach  taken  by  this  thesis,  it  seems  reasonable  to  assume  that  the 
systems  under  study  verify  assumption  4.3,  which  proceeds  from  several  rationales.  The  first 
rationale  is  that  a  role  corresponds  to  a  set  of  algorithms.  Each  algorithm  describes  a 
manipulation  of  its  inputs  according  to  some  rules  of  first  order  logic.  It  therefore  produces  for 
each  set  of  inputs  to  the  algorithm  one  and  only  one  output,  and  interacts  with  one  and  only  one 
pattern.  The  second  rationale  is  that  the  activities  of  the  roles  are  assumed  to  be  coordinated,  so 
as  to  produce  a  uitique  response,  that  of  the  structure,  for  each  set  of  simultaneous  inputs  to  the 
systenL  Each  set  of  simultaneous  observations  must  thus  be  processed  according  to  one  and  only 
one  global  pattern  of  interactions.  Finally,  because  this  separation  between  functional  and 
resource  structures  permits  modeling  not  only  of  structures  in  which  the  interactions  between 
objects  are  determirustic,  but  also  of  structures  with  a  deterministic  functionality  and  some 
randomness  in  the  assignment  of  resources  to  roles.  In  the  rest  of  the  thesis,  the  term  variable 
structure  is  used  as  a  short  hand  for  a  variable  structure  that  is  consistent  and  functionally 
deterministic.  The  next  section  provides  a  mathematical  model  of  the  terms  that  have  been 
described  so  far. 

4.3  MATHEMATICAL  MODEL 
4.3.1  Sensors 

A  variable  structure  processes  data  from  N  sources  of  information,  i.e.  sensors.  Each 
Sensor  n,  n  »  [1,..N],  can  output  one  letter  from  its  associated  alphabet  Xn  s  {xn^,  ...,xn|x„j}. 
These  alphabets  describe  the  basic  items  of  information,  also  called  colors  or  attributes,  which 
are  communicated  to  the  system.  The  alphabets  include  the  null  element,  i.e.,  the  case  where  no 
item  of  information  is  transmitted.  It  is  assumed  that  each  source  is  statistically  independent  of 
the  others.  This  is  accomplished  by  introducing  supersources,  which  aggregate  the  observations 
of  sensors  that  are  statistically  carrelated  (see  Stabile  and  Levis,  1984). 
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As  shown  in  Fig.  4.2,  each  independent  Sensor  n,  n  »  1..N,  is  modeled  by  a  place 
annntatftd  by  Xn.  A  transition  whose  unique  input  place  is  Sensor  i  models  the  communication 
of  the  sensor's  observtuions.  The  tenqxnal  consistency  of  the  observadtms  is  modeled  by  the  fact 
that  all  sensors  are  the  output  of  a  single  process.  This  process  has  a  single  input  place  pO,  which 
is  called  die  external  place. 


Sensor  1 


CommunicaticHi  process 
from  Sensor  1 


Communication  process 
from  Sensor  2 


CommunicatiCTi  process 
from  Sensor  N 


Hg.4.2  Sensors 

From  the  system  point  of  view,  temporal  consistency  implies  that  the  input  is  a 
N-dimensional  vector,  x  =  (xi,  x2, ...,  xn).  This  vector  has  as  components  the  N  independent 
observadtms  and  belongs  to  the  alphabet  X,  cross-product  of  the  source  alphabets: 

X=  Xix  X2  x,..x  Xn. 


4.3.2  Four  Stage  Model 

In  the  Petri  Net  formalism,  each  role  in  a  fixed  structure  has  been  modeled  by  a  subnet  with 
four  transitions  and  three  internal  places,  presented  in  Hgure  4.3.  As  explained  in  Chapter  n, 
places  are  dqiicted  by  circles  and  stand  for  resources  or  messages.  Transitions  between  places 
ate  depicted  by  bars  and  stand  for  algmithms.  The  arcs  denote  the  precedence  relations  between 
these  algorithms.  The  four  stage  decisionmaking  process  consists  of  four  algorithms  S  A,  IF,  Q, 
and  RS.  This  model  shows  explicitly  the  diffoent  kinds  of  interactions  that  can  exist  between 
roles,  and  between  a  role  and  the  aivironment 
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Fig.  4.3  Four  Stage  Model  of  a  Decisionmaker  Intelligent  Node 

In  Figure  4.3,  x  represents  an  input  signal  from  an  external  source  of  information  or  from 
the  rest  of  the  organization,  i.e.  from  another  role.  The  Situation  Assessment  (SA)  algorithm 
processes  the  incoming  signal  to  obtain  an  assessment  of  the  situation.  The  assessed  situation  z 
may  be  transmitted  to  other  decisionmaking  processes.  In  order  to  provide  some  insights  into 
these  definitions,  let  us  consider  the  case  of  an  air  traffic  controller.  Let  us  suppose  that  he  wants 
to  direct  a  plane  that  has  just  entered  the  controUor’s  jurisdiction.  An  air  traffic  controller  receives 
information  fitxn  a  radar  screen  and  over  radio  networks.  At  the  S A  stage,  he  surveys  the  traffic 
by  observing  radar  screens  and  by  listening  to  radio  communications. 

Concurrently,  the  role  may  incorporate  one  or  several  signals  z”  from  other  parts  of  the 
system.  The  signals  z  and  z"  are  merged  together  in  the  Information  Fusion  stage  (IF)  to 
produce  the  final  situation  assessment  z'.  At  this  stage,  a  controller  can  incorporate  information 
about  traffic  density  in  other  jurisdictions.  The  next  algorithm,  the  Command  Interpretation 
algorithm  (Cl)  receives  and  interprets  possible  commands  (v*)  fiom  other  roles,  which  restrict 
the  set  of  responses  that  can  be  generated.  At  the  Cl  stage,  an  air  traffic  controller  can  receive 
some  instructions  about  the  course  of  action  to  be  taken,  for  example,  if  some  planes  have 
suddenly  priority  over  others  (Case  of  emergency).  The  Q  stage  outputs  a  command  v  which  is 
used  in  the  Response  Selection  algorithm  (RS)  to  produce  the  response  of  the  role,  the  output 
y.  This  output  can  be  sent  to  the  effectors  and/or  to  other  roles  in  the  system.  An  air  traffic 
controller  sends  a  pilot  directions,  operating  procedures,  etc.  This  information  can  also  be  sent  to 
other  controllers. 

Of  course,  this  model  does  not  capture  all  the  subtleties  of  an  intelligent  decisionmaking 
process.  Howev^,  it  has  proven  its  usefulness  by  showing  explicitly  different  types  of 
interactions  between  decisionmaking  processes.  Furthermore,  it  is  l»‘oad  enough  to  tackle 
realistic  examples  within  acceptable  computational  requirements.  This  model  is  easily  extended  to 
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a  four  stage  decisionmaldng  process  that  is  variable  by  putting  switches  instead  of  transitions  or 
by  modeling  varying  patterns  of  interactions  with  a  Colored  Pttri  Net,  as  described  in  Chapter  V. 
Three  crafigurations  are  allowed  for  the  structure  of  a  role : 

•  SA,  IF,  a,  RS. 

•  IF,  a  and  RS. 

•  Cl  and  RS. 

These  assumptions  (Remy,  1986)  are  based  on  the  idea  that  a  role  need  not  have  all  four 
stages.  If  two  given  stages  are  present  however,  any  intermediate  stage  must  also  be  present.  In 
the  model,  the  first  stage  is  SA,  IF  or  Cl,  which  are  the  stages  at  which  the  role  may  receive 
external  inputs.  The  last  stage  must  be  RS,  the  stage  in  which  the  role  selects  its  response. 
Definition  4.5  characterizes  roles  that  are  equi^ent  in  a  functional  sense. 


Definition  4.5 

Two  roles  are  equivalent  if  and  only  if  they  have  the  same  configuration  and  the  same 
algorithms  SA,  IF,  Cl  and  RS. 

Example  4.1 

Consider  the  roles  in  Figures  4.4  and  4.5.  Let  two  IF  algorithms  IF  1  and  IF  2  be 
different,  and  the  algorithms  for  the  other  stages  be  identical.  Then  the  roles  are  different 


SA  IFl  a  RS 
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4.3.3  Interactions  between  Roles 


To  be  consistent  with  the  interpretation  of  the  different  stages,  only  certain  types  of 
interactions  are  allowed.  The  interactions  between  two  roles,  i  and  j,  are  the  ones  suggested  for 
interactions  between  decisionmakers  in  Remy  ct  al.  (1988).  They  arc  presented  on  Fig.  4.6. 


SA  IF  a  RS  Role  * 


Fig.  4.6  Allowable  Interactions  between  two  Roles 

Remark;  For  the  sake  of  clarity,  only  the  links  from  the  i-th  role  to  the  j-th  role  have  been 
represented.  The  symmetrical  links  are  valid  intoactions  as  weU. 

Physical  significance  of  the  allowable  interactions: 

•  RS  of  i-th  role  to  external  environment :  j,-. 

The  i-th  role  communicates  the  response  it  has  selected  to  the  effectors.  At  the  system 
level,  the  coordination  of  the  responses  is  shown  on  a  Petri  Net  model  by  adding 
an  output  transition,  as  in  Fig.  4.7.  If  Role  i  sends  its  response  to  the  effectors, 
then  there  exists  a  link  between  the  RS  stage  of  Role  i  and  this  output  transition.  This 
output  transition  has  a  unique  output  place,  which  is  called  the  sink. 
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•  SA  of  i-th  role  to  IF  of  j-th  role: 

The  situation  assessment  which  is  produced  as  an  output  of  the  S  A  stage  is  sent  to  the 
j-th  role  to  be  fused  with  the  assessment  of  the  j-th  role,  and/or  assessments  &om 
other  roles. 

•  RS  of  i-th  role  to  S  A  of  j-th  role:  G,y. 

The  response  selected  by  the  i-th  role  is  the  input  of  the  j-th  role. 

•  RS  of  i-th  role  to  IF  of  j-th  role:  //y. 

This  link  shows  the  sharing  of  a  result.  The  i-th  role  informs  the  j-th  role  of  its  final 
decision.  The  j-th  role  may  or  may  not  take  this  information  into  account. 

•  RS  of  i-th  role  to  Cl  of  j-th  role: 

This  interaction  has  been  introduced  to  model  hierarchy  between  roles.  It  describes 
the  possibili^  of  role  i  sending  a  command  to  role  j. 

Role* 


Role'’ 


4.3.4  Interactions  with  the  Sensors 

Every  component  of  the  system  might  not  have  access  to  all  the  sensors'  observations.  It 
might  base  its  processing  on  a  restricted  number  of  observations.  The  communication  of  the 
observations  from  the  N  sensors  are  modeled  by  the  processed  represented  on  Figure  4.8. 

Physical  significance  of  the  links: 

for  i  a  1..N  :  This  link  models  the  fact  that  the  observation  from  the  i-th  sensor  is 
communicated  to  the  S  A  stage  of  Role  j. 


RS 

s 


Fig.  4.7  Interaction  Role  -  Sink 
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from  Sensor  N 

Fig.  4.8  Interaction  Role-Sensors 


4.3.5  Resource  Allocation 

A  role  is  performed  by  a  human  being  with  an  adequate  training  or  by  an  intelligent  node 
programmed  for  that  purpose.  The  resource  structure  describes  how  resources  can  be  allocated  to 
roles,  and  one  example  such  example  is  depicted  on  Figure  4.9. 


SAl  IFl  ai  RSI  Role  1 


Fig.  4.9  Interactions  between  two  Roles  and  two  Resources 


61 


The  resource  structure  is  constructed  in  several  steps. 

First,  one  resource  place  is  created  for  every  physical  resource.  The  marldng  of  this  place 
describes  whether  the  resource  is  available  or  has  been  assigned  to  some  role. 

Then,  a  place  is  attached  to  each  role,  whose  marking  indicates  how  many  of  the  physical 
resources  that  have  been  assigned  to  the  roles  are  not  processing  some  input.  If  a  role  starts  a 
process,  it  removes  one  token  from  the  place  that  contains  the  physical  resources  that  have  been 
assigned  to  the  role.  A  token  is  put  back  in  that  place  at  the  end  of  the  process. 

Finally,  the  assignment  of  a  physical  resource  to  a  role  is  depicted  by  a  switch.  If  there  is 
one  link  from  the  switch  to  a  role,  then  the  resource  can  be  assigned  to  the  role.  If  there  are  no 
links,  then  the  resource  cannot  be  used  by  that  role.  The  switch  corresponds  to  the  fact  that  a 
resource  can  be  assigned  to  one  and  only  one  role.  On  Figure  4.9,  for  example,  both  resources 
can  perform  Role  1  and  Role  2.  Both  resources  are  available  and  unassigned. 

4.4  MATRIX  REPRESENTATION 

Section  4.3  described  a  model  of  the  components  from  which  a  variable  structure  can  be 
built,  and  a  set  of  interactions  between  these  components.  This  section  presents  a  unified 
framework  to  describe  a  system. 

4.4.1  Matrix  Form 

From  section  4.3,  the  model  of  a  structure  is  characterized  by  the  following  parameters 

•  R  roles,  which  are  ordered  Role  l..Role  R  according  to  some  appropriate  rule. 

•  N  sensors,  which  are  ordered  Sensor  l..Sensor  N. 

•  X  »  Xix  X2  x„.x  Xn  ,  the  set  of  inputs.  X  is  ordered  by  the  lexicographic  ordering. 

•  D  decisionntakers  or  intelligent  nodes,  which  are  ordered  Resource  1 ..  Resource  D. 

Within  the  model  of  section  4.3,  the  functional  structure  is  described  by  the  interactions  F, 
G,  H,  C,  S,  and  s.  The  resource  structure  is  described  by  the  interactions  between  the  resource 
places  and  the  resource  structures  of  the  roles.  Below,  Proposition  4.1  gives  a  straightforward 
characterization  of  a  variable  functional  structure,  while  Proposition  4.2  gives  a  simple 
description  of  the  resource  structure. 
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Proposition  4.1 

A  variable  functional  structure  is  determined  by  /7  =  (S,  s,  F,  G,  H,  C) . 

•  S  is  a  N  X  R  array.  For  i  =  1,..N  and  j  =  1..R,  models  the  link  between  the  i-th 
sensor  and  the  SA  stage  of  die  j-th  role. 

•  .r  is  a  1  X  N  array.  For  i  =  1..R,  Sj  models  the  link  between  the  RS  stage  of  the  i-th 
stage  and  the  effectors. 

•  F,  G,  H,  C  Bxc  four  R  x  R  arrays.  For  i  =  1..R  and  j  =  1..R, 

F|j  models  the  link  from  the  SA  stage  of  Role  i  to  the  IF  stage  of  Role  j. 

Gij  models  the  link  from  the  RS  stage  of  Role  i  to  the  SA  stage  of  Role  j. 

Hy  models  the  link  from  the  RS  stage  of  Role  i  to  the  IF  stage  of  Role  j. 

Cij  models  the  link  from  the  RS  stage  of  Role  i  to  the  Cl  stage  of  Role  j. 

•  Every  entry  in  S,  s,  F,  G,  H,  C  is  a  K!  x  IXI  diagonal  matrix  L. 

Lj^  -  1  if  the  i-th  input  in  the  lexicographic  ordering  activates  the  link. 

Ljj  =  0  if  the  i-th  input  in  the  lexicographic  ordering  does  not  activate  the  link. 


Proof: 

The  matrices  S,  s,  F,  G,  H,  C  describe  uniquely  all  the  interactions  that  can  be  found 
in  the  functional  structure. 

The  functional  structure  is  deterministic.  The  IXI  x  IXI  matrix  attached  to  each 
interaction  keeps  track  of  the  fact  that  each  set  of  inputs,  i.e.  each  x  in  X,  either 
activates  or  does  not  activate  the  interaction. 


Example  4.2 

Consider  a  system  with  two  roles,  Role  1  and  Role  2  and  two  sensors.  Sensor  1  and 
Sensor  2.  The  output  alphabet  XI  is  (a,  b).  The  output  alphabet  X2  is  {c,  d). 
Therefcne,  X  is  {a,  b}x{c,  d}  and  <a,c>  is  the  first  input  in  the  lexicographic  ordering, 
<a,  d>  is  the  second,  <b,  c>  is  the  third  and  <b,  d>  is  the  fourth. 

A  variable  pattern  of  interaction  is  givra  by  IT  as  follows 


S 


I],F  =  G=//=  ®  °.C  = 


0 

LO 


•  I  is  the  4  X  4  idoiti^  matrix.  It  indicates  that  every  input  activates  this  link. 

•  0  the  4  X  4  null  matrix.  It  iiulicates  that  the  link  is  never  activated. 
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•Mis 


10  0  0 
0  10  0 
0  0  0  0 
0  0  0  0 


<a,  c> 
<a,  d> 
<b,  c> 
<b,  d> 


M  indicates  that  the  link  is  activated  only  for  the  first  two  inputs:  (a,c)  and 
(a,d). 

•  S  shows  that  the  outputs  of  Sensors  1  and  2  are  sent  to  Roles  1  and  2. 

•  s  indicates  that  both  roles  send  their  response  to  the  effectors. 

•  F,  G,  H  indicate  that  the  roles  do  not  exchange  information  between  the  S  A 
and  IF  stages,  the  RS  and  S  A  stages,  and  the  RS  and  IF  stages. 

•  The  matrix  C  indicates  that  Role  1  issues  a  command  to  Role  2  if  and  only  if  the 
observations  processed  by  the  organizations  are  ca,  c>  and  <a,  d>. 

Similarly,  the  following  proposition  characterizes  the  resource  stmcture. 

Proposition  4.2 

The  resource  structure  is  given  by  a  R  x  D  matrix.  The  rows  stand  for  the  roles  and  the 
columns  stand  for  the  intelligent  resources  Resource  l...Resource  D. 

RDy  =  1  if  role  i  can  be  performed  by  the  intelligent  resource  j. 

RDij  s  0  if  role  i  caimot  be  performed  by  the  intelligent  resource  j. 


Proof 

An  intelligent  resource  is  either  able  or  unable  to  perform  a  particular  role.  The  matrix  RD 
keeps  track  of  it 

Example  4.3:  Consider  the  resource  structure  of  Figure  4.9.  Then 
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4.4.2  Well  Defined  Functional  Structures 

The  functional  and  resource  structures  play  different  roles  in  this  thesis.  More  emphasis  is 
placed  on  understanding  the  properties  of  functional  structures  than  resource  structures.  There 
are  two  main  reasons  for  this  approach.  The  first  reason  is  that  distributed  systems  are  generally 
generated  by  creating  their  data  flow  structures  (Andreadakis,  1988),  or  analyzed  using  a 
functional  approach  (Valraud,  1989).  Within  the  framework  of  this  thesis,  the  exchange  of 
information  between  the  elementary  functions  is  depicted  by  the  functional  stmeture.  The  second 
reason  is  that  separating  the  functional  structure  from  the  resource  structure  reduces  the 
complexity  of  the  design  problem.  The  designer  is  prevented  firom  computing  architectures  that 
are  symmetrical,  in  the  sense  that  they  correspond  only  to  different  assignments  of  resources.  In 
the  rest  of  this  section,  two  sets  V  and  W  are  defined. 

Definition  4.6 

A  Well  Dotted  Variable  Structure  (WDVS)  of  dimensions  R,  the  number  of  roles,  N,  the 
number  of  sensors,  X,  the  set  of  inputs,  is  any 


n*(S,s,F,G,H,C) 

where 

•  5  is  an  N^IXI  x  IXI  array,  which  is  decomposed  as  a  N  x  1  block  array. 

•  s  is  a  R*IXI  X  IXI  array,  which  is  decomposed  as  a  R  x  1  block  array 

•  F,G,H,C  are  four  R*IXI  x  R^CXI  arrays,  which  are  decomposed  as  R  x  R  block 
arrays. 

•  Each  block  is  a  IXI  x  IXI  diagonal  matrix  with  Os  and  Is  on  the  diagonal. 

Let  V  (R,  N,  X)  be  the  set  of  Well  Eiefined  Variable  Structures  of  dimensions  R,  N,  X. 

Each  variable  functional  structure  characterized  by  R,  N,  X  is  an  element  of  V  (R,  N,  X) 
(Proposition  4.1).  It  is  important  to  remark  that  the  converse  might  not  be  true.  Structures  that 
correspond  to  some  elements  of  V  might  not  make  much  physical  sense. 

Below,  it  is  assumed  that  the  parameters,  R,  N,  X  are  explicitly  fixed.  To  make  notation  less 
cumbersome,  V(R,  N,  X)  is  abbreviated  by  V.  In  order  to  gain  some  insights  into  V,  it  is 
important  to  note  that  a  fixed  functional  structure  is  a  special  case  of  a  variable  structure.  In  the 
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case  of  a  fixed  structure,  the  interactions  in  the  system  do  not  depend  on  the  inputs  to  the  system, 
and  a  link  is  either  present  (and  the  diagonal  entry  in  the  appropriate  block  array  is  the  IXI  x  IXI 
identity  matrix)  or  absent  (and  the  diagonal  entry  in  the  appropriate  block  array  is  the  IXI  x  IXI 
null  matrix).  Proposition  4.2  provides  a  notation  for  fixed  structures. 


Proposition  4.2 

A  fixed  functional  strucmre  is  given  by  X  =  (  5',  s',  F',  G',  H',  C). 

•  The  N  X  R  matrix  S'  describes  the  interaction  between  sensors  and  roles;  the  1  x  R 
matrix  s’  describes  the  interactions  between  roles  and  effectors;  the  R  x  R  matrices 
F,  G',  H’,  C  correspond  to  the  interactions  between  roles. 

•  The  entry  of  each  matrix  belongs  to  {0, 1 }. 

It  is  1  if  the  corresponding  link  is  present  in  the  system. 

It  is  0  if  the  corresponding  link  is  not  present  in  the  system. 


Example  4.4: 

The  following  matrices  describe  a  fixed  stmeture  system. 


S’  = 


s’  l],  ^=0’  =  ^  = 


00 

00 


0  1 
po_ 


This  is  a  functional  structure  with  two  roles  and  two  sources. 

Role  1  receives  the  observations  fix)m  Sensor  1,  Role  2  receives  the  observations  fipom 
Sensor  2  (Matrix  S’). 

Both  roles  send  their  response  to  the  effectors  (Matrix  s’). 

Role  1  issues  a  command  to  Role  2  (Matrix  C),  and  there  are  no  other  interactions 
between  roles  (Matrices  F,  G’,  IT). 

As  was  done  for  variable  structures,  this  proposition  leads  to  the  following  definition. 
Definition  4.7 

A  Well  Defined  Fixed  Structure  (WDFS)  of  dimensions  R,  N  is  any 

Z  =  (S’,s’,F,G’,H’,C’) 

where 
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•S'  is  an  N  X  1  array, 

•  s’  is  a  R  X  1  array, 

•  F',  G',  H',C  '  arc  four  R  x  R  arrays. 

•  Their  entries  belong  to  {0,1 }. 

Let  W  (R,  N)  be  the  set  of  Well  Defined  Fixed  Structures  of  dimensions  N,  R.  Each  fixed 
fimcti(»ial  structure  characterized  by  R,  N  is  an  element  of  W(R,  N)  (Proposition  4.2).  Note  that 
here  again  the  converse  might  not  be  true.  Some  elements  of  W(R,  N)  might  not  make  much 
physical  sense.  To  make  notations  less  cumbersome,  W(R,  N)  is  also  abbreviated  by  W. 

4.4.3  Decomposition  of  Variable  Stmctures 

Intuitively,  one  can  think  of  a  variable  functional  structure  as  a  collection  of  fixed  structures 
and  some  rule  for  assigning  a  unique  fixed  structure  to  each  input  This  fixed  structure  describes 
the  exchange  of  information  in  the  structure  while  x  is  being  processed-  Proposition  4.3  gives  a 
mathematical  characterization  of  this  concept  within  the  larger  firamework  of  the  sets  V  and  W 
introduced  in  section  4.3.2. 

Proposition  4.3 

Any  WDFS  IT  =  (S,  s,  F,  G,  H,  C)  in  V  can  be  represented  as  a  mapping  fiom  the  set  of 
inputs  X  into  the  set  W.  Reciprocally,  any  mapping  from  the  set  of  inputs  X  into  the  set  of 
fixed  structures  W  ccxiesponds  to  one  variable  structure  in  V. 

Proof: 

For  each  x,  if  x  is  the  k(x)-th  input  in  the  lexical  ordering  of  X, 
let  us  define  n  (x)  =  (S'(x),  s'(x),  F(x),  G’(x),  ITCx),  C(x)) 

•  S'(x)  is  an  N  X  R  array.  For  i  =  1..N  and  j  =  1..R, 

S  (X)jj  =  [Sjj] 

where,  by  proposition  4.1,  [Sjj]  k(x)k(x) 

and  indicates  whether  or  not  the  set  of  observations  x  activates  S^j. 

•  s'(x)  is  an  R  X  1  array.  For  i  *  1..R 

S'(x)j  =  [Sj]  k(x)  k(x) 

where,  by  proposition  4.1,  [Sj]  k(x)k(x)  value  in  (0,  1} 

and  indicates  whether  or  not  the  set  of  observations  x  activates  Sj. 
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•  F(x),  G'(x),  ITCx),  C(x)  are  fcMir  R  x  R  arrays.  For  i  =  1..R  and  j  =  1..R 

*  [Fiji  k(x)  k(x) 

where,  by  piopoation  4.1,  [Fy]  k(x)k(x)  its  value  in  {0, 1} 
and  indicates  whetho:  or  not  the  set  of  observations  x  activates  F^. 

G  (x)ij  =  [Gij]  k(x) 

where,  by  proposition  4.1,  [Gjj]  k(x)k(x)  value  in  {0, 1} 

and  indicates  whether  or  not  the  set  of  observations  x  activates  Gy. 
H'(x)ij  =  [Hy]  ic(x) 

where,  by  proposition  4.1,  [F^j]  k(x)k(x)  value  in  (0, 1} 

and  indicates  whether  ot  not  the  set  of  observations  x  activates 

^  (*)ij  “  [Qj]  k(x)  k(x) 

where,  by  proposition  4.1,  [Cy]  k(x)k(x)  ***  value  in  {0, 1} 
and  indicates  whether  or  not  the  set  of  observations  x  activates  Qj. 

•  The  entries  of  each  array  are  thus  Os  and  Is.  They  describe  whether  or  not  the 
corresponding  link  is  present  in  the  structure  when  the  set  of  inputs  is  x. 

It  is  easy  to  see  that  each  IKx)  is  a  fixed  structure  in  W,  and  that  it  describes  the 
interactions  between  roles,  and  between  roles  and  environment,  when  the  system 
processes  the  set  of  inputs  given  by  x  -  <xi,...,xn  >.  Each  well  defined  structure  is  thus 
given  by  a  iiuq)ping  frcnn  X  to  W  that  assigns  to  each  x  the  Exed  structure  IKx). 

Reciprocally,  consider  a  im^ping  which  associates  to  each  x  in  X 

n  (x)  *  (S’(x),  s’(x),  F(x).  GXx),  H’(x),  C(x))  in  W,  and  define 

•  5  a  N  X  R  block  array.  For  i  =  1,..N  and  j  »  1..R,  Sy  is  a  IXI  x  IXI  diagonal 
matrix  with  [Syl^  ^  =  [S'(x)]i  j  and  u  =  rank  of  x  in  lexicographic  ordering  of  X 

•  s  a  1 X  N  block  array.  For  i  =  1..R,  s^  is  a  IXI  x  IXI  diagonal  matrix  with 
[Sijluu  *  [s'Wli j  ^  of  X  in  lexicographic  ordaing  of  X. 

•  F,  G,  H,  C  four  R  x  R  block  arrays.  For  i  =  1..R  and  j  =  1..R, 

Fy  is  a  Kl  X  IXI  diagonal  matrix  with 
[Fijluu  *  [FWlij 

and  u  =  rank  of  x  in  lexicographic  ordaing  of  X. 

Gy  is  a  Kl  X  IXI  diagonal  matrix  with 
[Gy]„„  =  [G’(x)]y 

and  u  =  rank  of  x  in  lexicographic  ordering  of  X 
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is  a  Kl  X  Kl  diagonal  matrix  with 
[Hij]„„»[ir(x)]y 

and  u  s  rank  of  x  in  lexicographic  ordering  of  X. 
is  a  DCI X  Kl  diagonal  matrix  with 

[Cij]«„  =  [C(x)]ij 

and  u  s  rank  of  x  in  lexicographic  ordering  of  X. 

n  is  by  construction  a  WDVS  such  that  if  one  link  is  present  in  IKx),  then  this  link  is 
activated  by  x  in  n.  Thus  IT  represents  a  variable  stracture  for  which  each  IlCx)  describes  the 
interactions  in  the  system  when  it  processes  the  set  of  observations  x. 

Proposition  4.3  states  therefore  that  it  is  equivalent  to  work  in  the  set  V  or  to  work  in  the 
set  of  all  assigmnents  from  X  to  W.  In  the  rest  of  this  thesis  an  effort  is  made  to  use  the 
framework  that  is  most  convenient  for  each  problem.  For  any  WDVS,  the  notation  IT  is  used 
either  to  mean  the  set  of  arrays  S,  s,  F,  G,  H,  C  or  the  mapping  that  associates  to  each  x  a 
WDFS.  From  the  characterization  of  11  as  a  m^qring,  one  can  easily  understand  Definition  4.8. 

Definiticn  4.8 

Let  n  be  a  WDVS;  dien  the  range  the  mapping  in  W  is  called  the  support  of  the  WDFS. 

It  follows  from  the  definition  that  if  a  WDFS  J  belongs  to  the  support  of  IT,  then  at  least  one 
input  is  processed  according  to  the  fixed  pattern  J. 

4.4.4  Lattice  Apjxooch 

The  modding  of  variable  and  fixed  structures  in  a  nuurix  form  leads  to  a  natural  ordering  of 
the  sets  V  and  W.  The  importance  of  this  ordering  q>pears  in  Propositions  4.4  and  4.S,  which 
state  that  V  and  W  are  lattioes.  Hrst,  Defirution  4.9  provides  an  essential  tool 

Definition  4.9 

Anarray  [AijliinLjinj.  Aij  =  0orl,  ‘’smaller  than”  [Bjj]  Bij  =  Oorl 

if  and  only  if 

For  every  i  and  for  every  j,  AjjSBj^. 


One  sees  without  any  difficulty  that  the  relation  "is  smaller  than”  is  a  partial  ordering.  Enrst, 
a  binaiy  relation  SUB  is  defined  on  W. 

Definition  4.10 

Consider  two  WDFS  £  and  in  some  W.  The  binary  relation  SUB  is  defined  by 

2  *  (S,  s.  F,  G,  H,  C)  SUB  r  =  (S’,  s’,  F,  G’,  ff,  C)  if  and  only  if 

•  S  is  smaller  than  S',  s  is  smaller  than  s', 

•  F  is  smaller  than  F,  G  is  smaller  than  G', 

•  H  is  analler  than  H*,  C  is  smaller  than  C. 

SUB  is  trivially  a  partial  ordoing  of  W.  2  SUB  2'  means  that  every  interaction  in  2  is 
present  in  2'.  The  WDFS  2'  has  more  interactions  than  WDFS  2.  In  other  words,  2  SUB  2' 
means  that  the  Ordinary  Petri  Net  that  represents  2  is  a  subnet  of  the  Ordinary  Petri  Net  that 
represents  2'.  Similarly,  a  binary  relation  on  W  is  given  by  Definition  4.1 1. 

Definition  4. 11 

Consider  two  WDVS 11  and  H'  in  some  V.  The  binary  relation  ACT  is  defined  by 
n  =  (S,e,s,F.G,H,C)ACTn»(S’,e'.  s’,  F,  G’,  IT,  C ) 

if  and  only  if 

V  i  J  Sy  is  smaller  than  Sy',  s^  is  smaller  than  s’|, 

Fy  is  smaller  than  Fy,  Gy  is  smaller  than  G'y, 

Hy  is  smaller  than  H'y,  Cy  is  smaller  than  C’y. 

In  other  words,  11  ACT  O'  if  and  only  if  for  each  x,  IlCx)  SUB  II’Cx).  Here  again,  one 
sees  that  ACT  is  a  partial  ordering.  11  ACT  11'  means  that  every  input  that  activates  an  interaction 
in  n  activates  the  same  interaction  in  11'.  II  has  fewo*  interactions  than  II'. 

The  partial  orderings  SUB  and  ACT  are  important  in  this  thesis.  They  provide  the  major 
tools  that  are  used  in  Chapter  vn  to  structure  the  set  of  solutions  to  the  design  problem.  They 
have  been  introduced  for  two  reasons.  First  of  all  they  make  sense.  Since  this  thesis  focuses  on 
the  interactions  as  they  are  induced  by  the  observations,  it  seems  logical  to  say  that  a  structure  IT 
is  less  active  than  another  II'  if  every  link  is  activated  at  least  as  often  over  the  set  of  inputs  in  FI' 
as  in  n.  The  second  reason  comes  fiom  Propositions  4.4  and  4.5. 
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Proposition  4.4 

(V,  ACT)  is  a  lattice 

Proposition  4.5 

(W,  SUB)  is  a  lattice 

Proof 

The  meet  of  two  structures  IT  and  11'  (£  and  £'  resp.)  is  the  structure  which  consists  of 
the  interactions  that  are  common  to  FI  and  11'  (L  and  Z'  resp.). 

Every  structure  H"  (Z"  resp.)  that  is  ^  than  both  FI  and  FI"  (Z  and  Z'resp.)  is 
necessarily  ^  than  the  meet 

The  join  of  two  structures  FI  and  FI'  (Z  and  Z'  resp.)  is  the  structure  which  consists  of 
all  the  interacdons  of  FI  and  FI'  (Z  and  Z'  resp.). 

Every  structure  FI"  (Z"  resp.)  s.t  FI  ^  FI"  and  FI'  ^  FI"  (Z  ^  Z"  and  Z’  ^  Z"  resp.)  is 
necessarily  ^  than  the  join. 

4.5  PARTITIONS  OF  X 

There  are  three  types  of  intetacticms  in  a  Well  Defined  Variable  Structure. 

•  The  inadmissible  links.  These  are  the  links  which  correspond  to  the  entries  of  FI  that 
are  the  (XI X IXI  null  matrix.  No  input  requires  this  interaction  to  be  processed. 

•  The  pemtonenr  links.  These  are  die  links  which  correspond  to  the  entries  of  FI  that  are 
die  IXI  X  IXI  identity  matrix.  Every  input  requires  this  interaction  to  be  processed. 

•  The  variab/«  links.  These  are  die  links  which  correspond  to  the  entries  of  FI  that  have 
Os  and  Is  on  the  diagonal  Some  inputs  require  this  interaction  to  be  processed,  while 
some  do  not  Each  variable  link  defines  a  partition  of  X  into  two  subsets:  the  set  of 
inputs  that  activates  the  link  and  the  set  of  inputs  that  does  not  activate  the  link. 

Inadi  '  ssible  links  and  permanent  links  are  of  litde  interest  as  far  as  variability  is  concerned. 
If  a  link  is  inadmissible  or  permanent  between  two  stages,  then  the  stages  have  a  fixed  pattern  of 
interacticm  irrespective  of  the  mput  to  the  system.  This  caimot  be  the  case  for  variable  links.  If  a 
system  is  processing  some  input,  the  stages  must  know  whether  they  interact  or  not.  This 
decision  must  be  based  on  the  information  received  by  each  role,  and  the  major  difficulty  is  that 
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different  roles  might  not  have  access  to  the  same  sources  of  information.  Thus  thov  is  a  need  to 
describe  the  relationships  between  the  sources  of  information  that  are  commonly  accessed  by  the 
stages,  and  the  potential  partitions  of  the  set  of  inputs  X  into  the  subset  for  which  a  message  is 
exchanged  and  the  subset  for  which  no  messages  are  exchanged. 

First,  Definition  4.12  introduces  a  family  of  binary  relations  on  X,  to  characterize  the 
partitions  of  X  that  are  based  on  a  single  common  source  of  information.  Recall  that  a  system 
processes  information  from  N  sensors.  Sensor  1,..,  Sensor  N.  The  observation  of  Sensor  i,  xi, 
belongs  to  the  output  alphabet,  Xi  =>  (xi^,..,  xi  qqj}  where  IXil  is  the  number  of  outputs  in  Xi. 


Definition  4.12 

For  i  =  1..N,  the  binary  relation  is  defined  on  X  =  X^  x  ..x  X^  by; 
X  Ri  x'  ,  X  =  <xi,.-.,xN>  x'  =  <x'i,...x'N> 

if  and  only  if 


Xi  =  x'i . 


Two  inputs  are  equivalent  according  to  the  relation  Rj  if  and  only  if  they  correspond  to  the 
same  output  from  Sensor  i,  irrespective  of  the  outputs  of  the  other  sensors.  Proposition  4.6 
describes  the  fundamental  result  of  these  binary  relations. 

Proposition  4.6 

The  binary  relations  R^,  i  =  1..N,  are  equivalence  relations. 

Proof: 

Let  i  be  any  integer  between  1  and  N. 

Any  X  s  <xi,...,xj.f>  has  the  same  i-th  component  as  itself,  thus  Rj  is  reflexive. 

If  x^  s  x'i  is  true,  then  x'i  =  xi  is  true  thus  x'  R^  x  is  true,  and  Rj  is  symmetric. 

Finally,  if  x  and  x'  have  the  same  i-th  component  and  if  x'  and  x”  have  the  same  i-th 
component,  i.e.  Xi  =  x'|  and  x'l  =  x"i ,  then  by  transitivity  of  equality,  x  and  x"  have 
the  same  i-th  component,  i.e.  Xj  =  x"!.  Therefore  Rj  is  transitive. 

Every  equivalence  relatimi  R|  induces  a  partition  of  X  into  equivalence  classes,  as  described 
by  Theorem  3.1.  By  definition,  two  inputs  to  the  system  belong  to  the  same  equivalence  class  if 
and  only  if  they  correspond  to  the  same  output  of  Sensor  i.  Each  equivalence  class  is  thus  an 
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element  of  Xi  ={xi  i , xi  },  where  jd  is  the  subset  of  all  inputs  whose  i-th  entry  is  xij^. 

Suppose  that  a  variable  interaction  is  triggered  by  the  outputs  of  Sensor  i  only.  For 
exanqile,  an  interaction  exists  if  and  only  if  Sensor  1  outputs  xi^,  irrespective  of  the  observations 
of  Sensors  2  to  N.  The  set  of  inputs  to  the  system  that  activates  the  link  is  xi  ^ ,  and  the  set  of 
inputs  that  does  not  activate  the  link  is  given  by  the  union  of  the  equivalence  classes  k  ^  1. 
More  generally,  a  variable  interaction  triggered  by  the  output  of  a  unique  sensor.  Sensor  i,  is 
characterized  by  Proposition  4.7. 

Proposition  4.7 

A  variable  interaction  is  based  exclusively  on  the  output  of  Sensor  i  if  and  only  if  there 
exists  a  partition  of  Xi  ={xi  i , ....  xi  }  into  two  sets  II  and  12  such  that: 

AC  =  xi^  is  the  set  of  inputs  that  activate  the  link. 

DC  s  u^.  ^  is  the  set  of  inputs  that  do  not  activate  the  link 


Proof 

If  the  variability  of  an  interaction  is  based  exclusively  on  the  observations  of  Sensor  i, 

then  there  exists  a  partition  of  the  output  alphabet  Xi  into  II  and  12  such  that 

•  II  is  the  subset  of  ouq>uts  for  which  the  interaction  exists  and 

•  12  is  the  subset  of  outputs  for  which  the  interaction  does  not  exist 

Let  AC  =  yjja  t  mil  DC  =  vj;o  kmU^  k  A  u  B  =  X  and  A  n  B  =  0. 

Consider  any  input  x  to  the  system.  The  statement  "x  belongs  to  AC"  is  equivalent  to 

"The  output  of  Sensor  i  belongs  to  (xi  ^  k  is  in  II },"  i.e.,  x  activates  tiie  link. 

Consider  a  partition  of  X  into  two  subsets  AC  and  DC.  If  there  exists  a  partition  of  Xi  into 
two  sets  II  and  12  such  that  AC  s  '^xikvnii^k  andDC=  '-Jxikinn^^k  then  the  output 
alphabet  Xi  is  said  to  be  an  effective  alphabet  of  the  partition  AC,  DC.  Proposition  4.7  indicates 
that  the  partitioning  of  the  inputs  is  based,  in  this  case,  on  the  information  carried  out  by  the 
output  of  Sensor  i  exclusively.  These  definitions  and  propositions  can  be  easily  extended  to 
characterize  partitions  that  are  detomined  by  several  sources  of  information. 
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Definition  4.13 

Let  il,...  ik  be  in  [1..  N].  The  binary  relation  Ri2, 22,,.^  is  defined  on  X  by: 

*  Rii.  i?,  iv  x' .  *  “  <xi,...,xN>  x’  =  <x'i,...x'N> 

if  and  only  if 

X  Rji  x'  and...and  x  Rj^x*. 

In  other  words,  two  sets  of  simultaneous  observations  x  and  x'  verify  x  ^ 

and  only  if  they  ctnrespond  to  the  same  ouq)uts  of  the  sensors  Sii  to  Sik.  These  binary  relations 
verify  without  any  further  comment  Proposition  4.8. 

Proposition  4.8 

The  relations  Rji^  it*-*  [1-N]  are  equivalence  relations. 

Each  relation  R^i^  i2,...4k  defines  a  partition  of  X  into  IXj2l*..*IXj^l  equivalence  classes, 
that  is  the  number  of  different  observations  of  the  sensors  Sii  to  Sik.  Each  one  can  be 
represented  without  any  difficulty  as  an  element  of  Xij  x  ..x  Xi/p 

Example  4.5: 

Let  us  suppose  diat  there  are  only  two  sensors.  Their  ouq)ut  alphabets  are 
Xl=  {  A,  B,  C}  and  X2  =  {T,  U).  The  equivalence  classes  of 

•  Rx  are 

A  »  {<A,T>,  <A,  U>} 

B  <B,  U>} 

C  =  {<C,T>,  <C,  U>} 

•  R2are 

U  »{<A,  U>,  <B,  U>,  <C,  U>} 

T  *  {<A,  T>,  <B,  T>,  <C,  T>} 

•  Rx2are 

<A,7'>  =  {<A,T>}  <A.U>  =  {<A,U>} 

<B.T>  =  (<B,T>}  <B.U  >  »  {<B,U>} 

<C.T>  *  {<C,T>}  <C,U>  *  (<C,U>}. 


Proposition  4.9 

A  variable  interaction  is  based  exclusively  on  the  outputs  of  Sensor  ii,...,SensQr  i  if  and 
only  if  there  exists  a  partition  of  Xij  x  ..x  Xi^  into  two  sets  II  and  12  such  that: 


AC  = 


<jdl. 


>  in  II  ^ 


is  the  set  of  inputs  diat  acdvates  the  link. 


<xUjj  . xikj^  >  inI2  jl  jk 


is  the  set  of  inputs  that  does  not  activate  the  link. 


•  There  exist  k  outputs  xii...  x^ ,  some  i^,  in  ii,..,ik  some  x'i,„  in  X  such  that 
<xij,.  xii^  is  in  AC  and  <xij,.  x'i„,  xik>  is  in  DC. 


Proof 

The  first  part  of  the  proof  is  similar  to  the  proof  of  Proposition  4.7.  The  second 
part  describes  the  condidons  under  which  a  parddoning  depends  cm  the  observadons  of  k 
sensors  exclusively.  There  must  exist  two  sequences  of  k  observations  that  differ  by  one 
and  only  one  output,  such  that  one  sequence  activates  the  interaction  and  the  other  one 
does  not  activate  it  It  is  necessary  to  know  the  k  observations  xi^,..,  xi^  to  decide 
whether  an  input  that  cmtains  the  observations  xip  for  p  in  [1.  Jt]  p  m  activates  or  does 
not  activate  die  interactitxi. 


Consider  a  partition  of  X  into  AC  and  DC  such  that  Xij  x  ..x  Xi^  can  be  partitioned  into 
two  sets  II  and  12  with: 

•  AC 


<xU„  . >  in  II  y/  ^ 


DC 


<xU 


Vi  . 

SJ  ,  r^xil.,  ,..., xik..  > 
..a**  >  inI2  jk 


Vi  .  A 

•  There  exist  k  outputs  xi^,..  xi^ ,  some  i„  in  ii,..,ik  and  some  x'i„  in  X  s.t 
<xij,.  xi^..  xi^  is  in  AC  and  <xij,.  xU^,  xik>  is  in  DC 


Then,  Xi^,..  Xi^  are  said  to  be  tffective  alphabets  of  the  partition  AC,  DC.  Proposition  4.9 
indicates  that  the  partitioning  of  the  inputs  between  AC  and  DC  is  based  in  that  case  on  the 
information  carried  out  by  the  ouq)uts  of  the  sensors  Sensor  i^,....  Sensor  i^.  Effective  alphabets 
are  important  in  Chapter  VI  in  order  to  define  some  structural  constraints  on  the  set  V  and  to 
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decompose  some  user  defined  constraints  in  Qiapter  VIL 


Note  that  such  a  decomposition  always  exists.  The  classes  defined  by  the  equivalence 
relation  Rix  ^  indeed  exactly  the  elements  of  X.  Thus,  each  subset  S  of  X  can  be  written  as 
the  union  of  the  equivalence  classes  corresponding  to  its  elements.  XI, ..,  Xn  are  potential 
effective  alphabets  of  any  partition  of  X  between  some  and  some  DC.  An  alphabet  Xi  is  effective 
if  and  only  if  there  exist  k  outputs  xii,..x^,  some  i^  in  i^,..,!^  and  some  x'i„  in  X  such  that: 

•  <xij,.  xi^..  xiic>  is  in  AC 

•  <xij..  x’i^,  is  in  DC, 

•  i  is  one  of  the  ii,..,ik. 

Note  that  the  set  of  effective  alphabets  is  0,  i.e.  the  activation  of  the  link  is  not  based  on  any 
source  of  information, 

•  if  AC  =  0,  DC  =  X  (inadmissible  link) 

•  if  AC  =  X,  DC  s  0  (permanent  link). 

Exan^le  4.6: 

Consider  the  case  erf  the  interaction  represented  by  the  mattix  M  of  Example  4.2 

1  0  0  0  <a,c> 

0  10  0  <a,d> 

0  0  0  0  <b,  c> 

0  0  0  0  <b,  d> 

The  set  X  is  partitioned  into  {<a,c>,  <a,d>},  which  is  the  set  of  observations  that 
activate  the  link,  and  {<b,c>,  <b,d>),  which  is  the  set  of  observations  that  does  not 
activate  the  link.  Consider  the  relation  Rl,  which  has  two  equivalence  classes  a  and  b, 
where  a  =  {<a,c>,  <a,d>}  andb  =  {<b,c>,  <b,d>}. 

The  partition  of  X  as  AC  =  {<a,c>,  <a,d>}  and  DC  =  {<b,c>,  <b,d>}  corresponds  to 
AC  =  a  and  DC  =  b .  XI  is  thus  the  effective  alphabet  of  the  partition. 

This  chapter  defined  variable  structure  distributed  intelligence  systems.  The  objects  and  the 
functional  entities  have  been  described,  and  a  matrix  representation  of  a  variable  structure  has 
been  introduced.  Finally,  variable  links  have  been  addressed  in  more  depth.  The  next  chapter, 
Chapter  V,  describes  the  relationships  between  variable  structures  and  Colored  Petri  Nets. 
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CHAPTER  V 


COLORED  PETRI  NET  MODELING 


A  model  of  variable  structures  has  been  described  in  Chapter  IV.  This  chapter  shovirs  how  to 
translate  the  concepts  that  have  been  defined  into  the  language  of  Colored  Petri  Nets  (CPN).  A 
class  of  CPN  is  introduced  as  well  as  some  of  its  properties,  which  provides  the  theoretical 
foundatitm  for  the  methodology.  The  main  rationale  for  introducing  CPNs  is  that  Ordinary  Petri 
Nets  have  been  used  extensively  to  analyze  and  generate  fixed  structure  distributed  systems  and 
that  CPNs  furnish  a  powerful  extension  that  makes  it  possible  to  model  variable  interactions. 

5.1  PRINCIPLES  OF  COLORED  PETRI  NET  MODELING 

Rrst,  diis  thesis  addresses  variability  in  die  functional  stracture  rather  than  variability  in  the 
resource  structure.  The  model  has  been  elaborated  primarily  to  describe  variable  interactions 
between  the  functicHial  units,  the  roles. 

Second,  this  thesis  describes  variability  based  exclusively  on  the  sensors'  observations.  For 
each  set  of  N  simultaneous  observaticms  <xi,...,  xN>,  the  pattern  of  interactimi  between  roles,  as 
expressed  by  die  entries  of  the  matrix  representadon  of  any  WDVS,  is  uniqudy  detennined. 

Finally,  this  thesis  modds  the  exchanges  of  information  as  they  are  induced  by  the  sensor's 
observaticHis,  but  does  not  address  the  actual  nature  of  the  information  being  transmitted,  the 
information  content  ci  die  messages. 

5.1.1  Tokai-Colors  and  Occurrence-Colors 

The  emphasis  of  this  i^roach  is  reflected  in  the  CPN  modeling,  in  which  X,  the  set  of 
inputs  to  the  system,  plays  a  critical  role. 

Propositimi  5.1 

Every  transition  in  a  CPN  model  of  a  WDVS  has  die  same  set  of  occurrence  colors:  X. 


77 


Proof: 

It  is  known  from  Chapter  in  that  each  transition  models  a  process  in  the  system. 
Each  process  introduced  in  Chapter  IV  is  an  algorithm  performed  by  a  role,  and  each 
process  interacts  deterministically  based  on  the  observations  that  have  been 
communicated  to  it  Each  process  has  one  and  only  one  pattern  of  interaction  for  each 
input  X  =  <xi,...,xN>  to  the  system.  X  is  thus  a  set  whose  elements  parametrize 
oxnpletely  the  behavior  of  the  process:  X  can  be  selected  as  the  set  of  occurrence  colors 
for  any  transition  in  the  system.  Let  x  be  any  element  of  X  and  t  be  any  stage  in  the  CPN 
model.  Then  the  firing  mode  of  the  transition  t,  x  =  <xi,...,xN>  describes  that  t  does  its 
part  of  the  total  processing  for  the  case  where  x  =  <xi,...,xn>  is  the  set  of  N 
simultaneous  observations. 

Two  different  types  of  links  have  been  introduced  in  Chapter  IV:  Interactional  links,  and 
internal  links.  Each  link  corresponds  to  two  arcs  and  one  place  in  a  CPN  model  of  a  WDVS. 

•  One  interactional  link  corresponds  to  one  link  between  two  different  objects  in  the 
functional  structure.  This  is  either  a  link  from  the  communication  process  of  a  sensor  to 
the  RS  stage  of  one  role,  or  it  is  a  link  from  a  stage  of  a  role  to  a  stage  of  another  role. 

•  One  internal  link  corresponds  to  one  link  between  two  stages  within  the  same  role.  It 
describes  the  fact  that  the  internal  processing  of  a  role  is  continuous. 

•  Interactional  and  internal  links  belong  to  the  functional  structure,  and  messages  that  have 
been  generated  by  the  inputs  to  the  system  are  exchanged  in  the  functional  structure. 

There  is  a  third  class  of  links  in  the  system,  i.e.,  the  links  that  represent  interactions  that 
must  be  present  in  any  system,  and  thus  in  any  CPN  model  of  the  system.  These  are  the  links 
from  the  external  place  to  the  commuiucation  processes  of  the  sensors,  and  the  link  from  the 
output  transition  to  the  sink.  These  links  ate  present  and  permanent  because  they  model  the 
conditions  needed  by  a  system  to  operate.  There  must  be  a  constant  flow  of  information  from  the 
environment  to  the  sensors  (links  from  the  external  place  to  the  communication  processes),  and  a 
flow  of  information  from  the  system  once  it  has  selected  a  response  (the  ou^ut  stage)  to  the 
effectors  (the  sink).  These  links  do  not  raise  particular  issues  as  far  as  modeling  or  analysis  are 
concerned.  They  are  assumed  to  be  present  in  any  CPN  model. 

Proposition  5.2 

Every  place  in  a  CPN  model  of  the  functional  structure  has  the  same  set  of  token  colors:  X. 
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Proof: 

Let  us  consider  one  place  in  the  functional  structure.  This  place  receives  messages  that 
have  been  generated  by  some  input  to  the  system  x  =  <xi,...,xN>,  As  this  thesis  is  not 
concerned  with  the  nature  of  the  message,  it  is  equivalent  to  say  that  a  place  receives  a 
message  generated  by  x  =  <xi,...,xN>  or  that  a  token  whose  color  is  x  =  <xi,...,xn>  is 
put  in  the  place.  X  can  thus  be  the  set  of  token  colors  for  all  places  in  the  functional 
structure. 

Propositions  5.1  and  5.2  indicate  that  a  functional  structure  can  be  represented  by  a  very 
simple  class  of  Colored  Petri  Nets,  that  in  which  the  sets  of  token  colors  and  occurrence  colors 
are  identical  for  all  places  and  transitions  in  the  net  If  a  token  <xi,...,xN>  is  in  some  place  p  in 
the  CPN  model  of  a  functional  structure,  this  shows  that  some  item  of  information  generated  by 
the  set  of  observations  x  =  <xi,...,xN>  is  being  exchanged  between  objects.  If  firing  mode 
x-<xi,...ptN>  is  enabled,  the  stage  can  do  its  part  of  the  processing  when  x  =  <xi,...,xN>  is 

the  input  to  the  system.  When  the  transition  fires  acctnding  to  the  firing  mode  <xi . xN>,  one 

token  of  color  <xt,...,xN>  is  removed  from  some  input  places  of  the  transition  and  a  token  of 
color  <xi,...,xN>  is  put  in  some  output  places. 

A  variable  interaction  corresponds  to  the  case  of  a  transition  such  that  tokens  are  not  always 
removed  from  the  same  places  and  are  not  put  in  the  same  output  places  over  all  firing  modes  in 
X,  messages  can  be  received  from  different  processes  and  can  be  sent  to  a  variable  number  of 
processes.  As  described  in  Chapter  m,  variable  interactions  are  embedded  in  the  annotations  of 
the  arcs.  Each  arc  is  annotated  by  a  matrix  and,  as  described  in  Chapter  IV,  each  arc  in  the 
functional  structure  belongs  to  a  link  that  models  an  allowable  interaction.  It  is  assiuned  that  a 
link  (the  place  and  the  two  arcs)  is  represented  on  a  CPN  model  of  the  structure  if  and  only  if  the 
interaction  is  activated  for  at  least  one  set  of  inputs  to  the  system,  i.e.,  one  x  in  X. 

The  rows  of  the  matrix  attached  to  an  arc  stand  for  the  token  colors  and  the  columns  stand 
for  the  occurrence  colors,  which  happen  to  be  the  same  in  this  model:  the  matrix  is  a  IXi  x  IXi 
matrix.  The  column  corresponding  to  a  firing  mode  <xi,...,xN>  describes  the  tokens  that  are 
carried  through  the  arc  when  <xi,...,xN>  is  the  firing  mode  of  the  transition.  The  column  is  a 
null  column  if  the  interaction  is  not  activated  when  some  piece  of  information  generated  by 
<xi,...,xN>  is  being  processed  by  the  transition.  The  column  is  non  null  if  the  interaction  is 
activated  when  <xi,...,xN>  is  being  processed  by  the  transition.  Since  this  model  implies  that  the 
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axe  carries  exclusively  a  token  of  color  <xi,...,xN>  if  the  firing  mode  of  the  adjacent  transition  is 
<xi,...,xN>,  an  interaction  is  activated  if  and  only  if  the  diagonal  entry  that  corresponds  to 
<xi,...,xN>  in  the  1X1 X 1X1  matrix  x  is  "1"  and  all  other  entries  in  the  column  are  Os. 

5.1.2  Example 


Consider  the  functional  structure  shown  on  Figure  5.1.  It  has  two  roles  and  one  sensor 
whose  output  alphabet  is  { A,  B,  C}. 


Fig.  5.1  Colored  Petri  Net  model  of  a  Functional  Stnictiu^. 


X  is  the  set  of  token  colors  for  every  place,  and  the  set  of  occurrence  colors  of  every 
transition.  Each  arc  in  the  net  has  been  annotated  by  either  I  or  LI. 

<A><B><C> 
fl  0  0]<A> 

The  matrix  I  is  the  3  x  3  identity  matrix  0  10  <B> 

.0  0  lJ<C> 

<A><B><C> 

“l  0  0'|<A> 

The  matrix  LI  is  the  3  x  3  matrix  0  0  0  <B> 

.0  0  oJ<c> 

The  matrix  I  indicates  that  the  arc  is  activated  for  every  input  in  the  system,  whereas  LI 
indicates  that  the  arc  is  used  only  if  the  input  to  the  system  is  <A>.  The  functional  structure  of 
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Figure  5.1  is  a  structure  in  which  all  links  are  activated  over  all  possible  inputs,  except  the  link 
from  the  RS  stage  of  the  upper  role  to  the  Cl  stage  of  the  lower  role.  This  link  is  activated  if  and 
only  if  the  input  to  the  system  is  <A>. 

Figures  5.2  to  5.7  describe  variable  patterns  of  interaction  in  this  system.  Figure  5.2 
describes  a  case  in  which  the  input  to  the  system  is  <A>.  The  upper  role  has  done  its  processing 
up  to  its  RS  stage,  whereas  the  lower  role  has  done  its  processing  up  to  its  Q  stage. 


Note  that  only  the  frring  mode  <A>  of  the  RS  stage  of  the  upper  role  is  enabled.  This  RS 
stage  has  indeed  one  and  only  one  input  place,  which  contains  one  token  of  color  <A>. 
However,  the  Cl  stage  of  the  lower  role  is  not  enabled.  This  stage  has  two  input  places  and  the 
annotations  of  the  arcs  from  the  input  places  to  the  transition  indicate  that  the  arcs  must  carry  one 
token  of  color  <A>  if  the  transition  is  to  contribute  to  the  processing  of  the  input  <A>.  The  firing 
mode  <A>  is  not  enabled  because  one  input  pl^e  from  which  a  token  of  color  <A>  should  be 
removed  does  not  contain  one  such  token. 

Rgure  5.3  depicts  the  Colored  Petri  Net  and  its  marking  once  the  upper  role  has  selected 
a  response  induced  by  <A>,  i.e.,  orce  the  transition  RS  of  the  upper  role  has  fired  according  to 
its  firing  mode  <A>.  Observe  that  the  firing  mode  <A>  of  the  Cl  stage  of  the  lower  role  is  now 
eiuibled. 
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Fig.  5.3  Colored  Petri  Net  after  Firing 


If  the  Cl  stage  of  the  lower  role  fires  according  to  its  firing  mode  <A>,  the  maildng  becomes 
as  shown  in  Figure  5.4. 


Fig.  5.4  Colored  Petri  Net  after  second  Firing 

Figure  5.5  depicts  a  case  in  which  the  upper  role  has  done  its  processing  up  to  its  RS  stage, 
whereas  the  lower  role  has  done  its  processing  up  to  its  Q  stage.  The  firing  mode  <B>  of  the  RS 
stage  of  the  upper  role  is  enabled  because  its  unique  input  place  contains  one  token  of  color  <B>. 
Unlike  the  case  of  figure  5.2,  one  firing  mode  of  the  Cl  stage  of  the  lower  role  is  also  enabled. 
This  stage  has  two  input  places  but  the  annotations  of  the  arcs  indicate  that  only  the  arc  from  the 
intmal  place  to  the  Q  stage  must  carry  one  tolan  of  color  <B>  if  the  transition  is  to  contribute  to 
the  processing.  This  place  contains  one  token  of  color  <B>;  thus  the  lower  role  can  proceed  with 
its  command  interpretation,  irrespective  of  the  fact  that  its  other  input  place  is  empty. 
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Fig.  5.5  Colored  Petri  Net 


Both  the  RS  stage  of  the  upper  role  and  the  Cl  stage  of  the  lower  role  can  fire.  Figure  5.6 
depicts  the  new  marking  if  both  roles  fire  simultaneously. 


Fig.  5.6  Colored  Petri  Net  after  Firing 


5.1.3  Token-Colors  Continued 

In  order  to  simplify  the  notations,  this  thesis  adopts  the  convention  that  a  link  that  is  always 
activated,  i.c.  which  is  annotated  by  the  1X1  x  IXI  identity  matrix,  can  be  represented  by  a  simple 
arc  without  annotations.  This  convention  applies  in  particular  to  the  links  from  the  external  place 
to  the  sensors,  and  fiom  the  output  transition  to  the  sink.  Another  convention  has  to  do  with  the 
annotations  of  the  arcs  that  belong  to  the  same  link.  These  arcs  are  annotated  by  the  same  matrix, 
so  there  is  no  need  to  annotate  twice  the  same  matrix.  In  the  rest  of  this  thesis,  most  of  the  CPN 
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models  annotate  one  and  only  one  arc  of  any  link.  Next,  this  subsection  turns  to  the  tokens  in  the 
resource  structure. 

Proposition  5.3 

A  place  of  the  resource  structure  contains  tokens  whose  colors  are  <D>. 

Proof:  Each  place  in  the  resource  structure  indicates  whether  a  physical  resource  is 

available.  Each  physical  resource  has  a  number,  and  there  is  no  need  to  indicate 
any  more  information  than  the  number  of  the  resource  involved. 

The  resource  structure  is  depicted  in  a  very  simple  way. 

The  place  Resource  i,  i  =  1,..,  D,  can  contain  only  one  token  of  <i>,  because  it  indicates  the 
availability  of  the  i-th  physical  resource.  C(Resource  i)  =  {<i>}. 

For  each  role  j,  j  =  1..R,  the  place  Resources  Role  j,  which  contains  the  resources  assigned 
to  Role  j,  can  receive  any  physical  resource.  The  set  of  token  colors  is  C  =  {  <1>,...,  <D>}. 

The  transitions  that  describe  the  assignment  of  one  resource  to  the  roles  have  the  same  set  of 
occurrence  colors  C  =  (  <Role  1>,...,  <Role  R>},  the  set  of  roles. 

The  arc  from  every  place  Resource  i  to  the  transition  that  describes  the  assignment  of  the 
resource  is  always  activated.  Here  again  the  convention  is  adopted  that  these  arcs  need  not  be 
aimotated. 

If  the  physical  resource  i  can  be  assigned  to  Role  j,  there  exists  an  arc  from  the  transition  that 
represents  the  assignment  of  resource  i  to  the  place  Resources  Role  j.  This  arc  is  annotated  by  the 
1  X  R  matrix  whose  columns  correspond  to  the  roles.  The  j-th  entry  is  1  because  the  physical 
resource  can  be  assigned  to  Role  j,  the  other  entries  are  0.  This  arc  carries  a  token  of  color  <i>. 

A  model  of  a  resource  structure  is  depicted  on  Figure  5.7.  This  resource  structure 
corresponds  to  two  roles  and  two  resources.  Resource  1  and  Resource  2  can  be  assigned  to 
either  role.  The  marking  indicates  that  Resource  2  has  been  assigned  to  Role  2  and  that  Resource 
1  has  not  been  assigned.  The  arcs  have  been  annotated  by  A  and  B,  where 


Role  1  Role  2  Role  1  Role2 

A  =  [  1  0  ]  and  B  =  [  0  1] . 
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RSI  Role  1 


Resource  1 


RSI  Role  2 


Resource  2 


Resources  Role  2 


Fig.  5.7  Colored  Petri  Net  model  of  Resource  Structure 
5.2  COLORED  PETRI  NET  REPRESENTATION  OF  A  WDVS 

Section  5.1  described  the  principles  of  a  CPN  modeling  of  a  WDVS.  This  section  proves 
that  it  is  equivalent  to  specify  a  WDVS  in  a  matrix  form  or  a  WDVS  with  a  CPN  model. 
Throughout  this  section,  the  parameters  that  characterize  a  family  of  variable  structures:  N,  the 
number  of  sensors:  X,  the  set  of  inputs  to  the  system;  R,  the  number  of  roles;  D,  the  number  of 
physical  resources  are  supposed  to  be  rixed  and  well  known. 

5.2.1  Transitions 

Each  process  of  Chapter  IV  is  modeled  by  a  transition  whose  set  of  occurrence  colors  is  X. 

a)  Each  role  is  made  of  at  most  four  stages.  Each  role  is  thus  modeled  by  at  most  four 
transitions,  and  R  roles  contribute  at  most  4*R  transitions  to  the  structure. 

b)  N  transitions  model  the  communication  process  of  the  sensors'  observations. 

c)  The  transition  between  the  external  place  and  the  sensors,  which  models  the  fact  that  the 
observations  are  temporally  consistent,  and  the  transition  with  a  single  link  to  the  sink, 
which  models  the  communication  of  the  response  selected  by  the  system  to  the  effectors, 
must  also  be  added  to  a  CPN  model  of  the  structure. 
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Hence,  there  are  at  most  4R  +  N  +  2  transitions  in  a  CPN  model  of  a  WDVS. 


5.2.2  Places 

Several  notions  to  be  modeled  by  a  place  in  a  CPN  model  have  been  defined  in  Chapter  IV. 

a)  The  external  place.  This  place  models  the  environment  A  token  of  color  <xi,...,  xN>  in 
the  external  place  indicates  that  <xi,...,  xN>  is  the  set  of  observations  that  will  be 
processed  by  the  system. 

b)  The  sink.  This  place  models  the  effectors.  A  token  of  color  x  =  <xi,...,  xN>  is  put  in  the 
sink  to  model  the  reception  by  the  effectors  of  the  response  selected,when  the  input  is  x. 

c)  The  sensors.  N  places  are  created,  one  for  each  sensor.  Sensor  1,...,  Sensor  N.  A  token 
of  color  <xi,...,  xN>  put  in  a  place  that  models  a  sensor  indicates  that  the  observation  of 
the  sensor  can  be  accessed  by  the  roles. 

d)  Interactional  places.  An  interactional  place  belongs  to  a  link  that  models  an  interaction.  A 
place  is  represented  in  the  graph  if  the  interaction  is  activated  for  some  inputs  in  X. 

•  At  most  N  «  R  places  correspond  to  one  link  from  a  sensor  to  a  S  A  stage,  because  some 
sources  of  information  might  not  be  accessible  to  some  roles. 

•  At  most  R  *  (R  - 1)  places  model  an  interaction  between  the  SA  stage  of  one  role  and  the 
IF  stage  of  another  role. 

•  At  most  R  4r  (R  •  1)  places  model  an  intmction  between  the  RS  stage  of  one  role  and  the 
SA  stage  of  another  role. 

•  At  most  R  *  (R  - 1)  places  model  an  interaction  between  the  RS  stage  of  one  role  and  the 
IF  stage  of  another  role. 

•  At  most  R  *  (R  - 1)  places  model  an  interaction  between  the  RS  stage  of  one  role  and  the 
Q  stage  of  another  role. 

•  At  most  R  places  model  the  communication  of  the  response  selected  by  a  role  to  the 
effectors. 

e)  Internal  places  are  the  places  that  belong  to  an  internal  link.  Each  role  is  composed  of  at 
most  four  stages  which  account  for  at  most  three  internal  links  and  three  places.  There  are 
at  most  3  «  R  internal  places. 

In  conclusion,  there  are  at  most  2  +  N*R  +  4R*(R-l)  +  R  +  3  R  =  4R2  +  N*R  +  2 
places  in  a  CPN  model  of  a  WDVS. 
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5.2.3  Arcs 


Two  arcs  are  created  for  every  link  that  is  activated  by  at  least  one  input  to  the  system. 
Observe,  however,  that  internal  links  and  int^acdmial  links  are  not  equivalent  as  far  as  the  matrix 
representation  of  a  WDVS  is  concerned.  A  matrix  form  describes  the  activation  of  the 
interactional  links,  but  does  not  describe  the  interactional  links. 

Proposition  5.4 

The  activations  of  all  links  in  a  WDVS  are  uniquely  determined  by  the  activation  of  the 
interactional  links. 

Proof: 

Suppose  that  the  activatitHi  of  the  interactional  links  is  given.  The  activation  of  the  internal 
links  is  uniquely  determined  according  to  the  following  rules. 

•  Links  SA  ->  IF. 

A  link  from  the  S  A  stage  of  a  role  to  its  IF  stage  is  activated  if  and  only  if  the  SA 
transition  has  at  least  one  interactional  input  link  that  is  activated.  Furthermore, 
the  intemal  link  is  activated  by  any  input  that  activates  at  least  one  of  the  input 
links,  i.e.,  an  intemal  link  processes  all  information  received  by  its  input  process. 

•  Links  IF  ~>  CL 

A  link  between  IF  and  Q  of  a  role  is  activated  if  and  only  if  the  IF  transition  has 
at  least  one  input  link  -  interactitmal  or  intemal  -  that  is  activated.  Furthermore,  the 
intemal  link  is  activated  by  every  input  that  activates  at  least  one  of  the  input  links 
of  IF. 

•  Links  Cl  ->  RS. 

A  link  between  the  Cl  and  RS  stages  of  a  role  is  activated  if  and  only  if  the  Cl 
transition  has  at  least  one  input  link  -  interactional  or  intemal  -  that  is  activated, 
and  the  intemal  link  is  activated  by  every  input  that  activates  one  of  the  input  links 
of  Cl. 

Proposition  5.5 

Let  A  be  an  arc  that  corresponds  to  an  interactional  link  L  in  a  WDVS  FI-  The  matrix  that 
annotates  A  in  a  CPN  model  of  the  functional  structure  is  exactly  the  entry  that  corresponds 
to  L  in  (S,  s,  F,  G,  H,  C),  the  matrix  representation  of  0. 
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Proof: 

By  definition,  the  entry  that  corresponds  to  L  in  (S,  s,  F,  G,  H,  C)  is  a  IXI  x  IXI  diagonal 
matrix,  Lu  =  1  if  the  i-th  input  in  the  lexicographic  ordering  activates  the  link  and  =  0 
if  the  i-th  input  in  the  lexicographic  ordering  does  not  activate  the  link.  If  the  set  of 
token-colors  and  the  set  of  occurrence-colors  are  rankeu  in  the  lexicographic  ordering, 
then  this  matrix  indicates  that  a  token  of  color  x=<xi,...,xN>  is  carried  by  the  arcs  of  the 

link  when  the  system  processes  the  input  x=<xi . xN>,  i.e.,  that  the  link  is  activated 

and  that  the  activation  is  represented  by  an  exchange  of  a  token  whose  color  is 
x=<xi,...,xN>.  The  diagonal  matrix  [Ly]  has  all  the  properties  described  in  section  5.1 
and  is  the  proper  annotation  of  the  arc. 

Propositions  5.5  and  5.4  imply  that  a  CPN  model  of  a  WDVS  is  uniquely  determined  by 
the  representation  of  IT  in  a  matrix  form.  The  matrix  form  shows  the  interactions  that  are 
activated  and  must  be  depicted  by  an  interactional  link  (one  place  and  two  arcs)  in  the  CPN 
model  Furthermore,  the  entry  that  corresponds  to  an  interactional  link  is  the  matrix  that  annotates 
the  arcs.  Finally,  internal  links  are  automatically  created  once  interactional  links  are  given.  The 
annotations  of  both  arcs  of  an  internal  link  are  computed  as  the  meet  of  the  matrices  that  annotate 
the  input  transition.  Conversely,  it  is  easy  to  translate  a  C3PN  model  of  a  WDVS  into  a  matrix 
form.  The  representation  of  a  WDVS  in  a  matrix  form  or  as  a  CPN  are  equivalent. 

5.2.4  Example 

Let  us  illustrate  the  translation  from  a  matrix  form  into  a  LTN  model.  Consider  a  WDVS 
with  one  sensor,  whose  output  alphabet  is  {A,  B,  C},  and  two  roles.  Role  1  and  Role  2. 
Suppose  further  that  the  matrix  form  is 

S  =  [0, 1],  where  0  is  the  3  x  3  null  matrix  and  I  is  the  3  x  3  identity  matrix. 

s  =  [I,0],  F  =  H=  Q  Q  and  G=  q  ,C=  ^  q,  where  LI  and  L2  are 


Fig.  5.9  CPN  model  with  Internal  and  Interactional  links 


This  subsection  illustrated  the  one  to  one  correspondence  that  exists  between  matrix 
representations  of  WDVS  and  CPN  models  of  the  structures.  As  indicated  in  Chapter  IV,  a 
WDVS  is  also  a  mapping  from  X  into  the  set  of  fixed  structures  W.  The  next  subsection  relates 
this  approach  to  the  CPN  modeling. 


5.3  FOLDING  AND  UNFOLDING 

It  is  assumed  in  this  subsection  that  the  parameters  X,  N,  R  ate  fixed  and  well  known. 
Proposition  5.6 

Each  elonait  of  W  can  be  represented  by  one  and  only  one  Ordinary  Petri  Net 
Proof: 

Let  £  =  (S,  s,  F,  G,  H,  C)  be  some  element  of  W.  £  describes  fixed  interactions  in  a 
structure.  The  methodology  of  5.2  can  be  almost  literally  adapted  to  associate  one 
Ordinary  Petri  Net  model  to  each  fixed  structures  in  W.  A  transition  is  created  for  each 
process  in  the  fixed  structure.  Places  that  represent  the  external  place,  the  sink,  and  the 
sensors  are  automatically  created.  Each  fixed  interaction  is  modeled  by  one  place  and  two 
arcs  without  annotations.  If  the  interaction  exists  in  the  fixed  structure,  the  place  and  the 
arcs  are  incorporated  in  the  net  If  the  infraction  does  not  exist  the  place  and  the  arcs  are 
not  represented.  Finally,  internal  links  are  uniquely  determined  by  the  interactional  links, 
as  for  variable  structures,  and  the  rules  described  in  proposition  5.4  are  valid. 
Reciprocally,  each  Ordinary  Petri  Net  model  of  a  structure  can  be  translated  without  any 
dtfficulty  into  a  matrix  fonxt 

By  combining  propositions  4.3  and  5.6  one  easily  sees  that  a  WDVS  is  a  mapping  firom  X 
into  the  set  of  Ordinary  Petri  Nets  since  each  fixed  structure  in  the  support  of  the  WDVS  is 
associated  with  a  unique  Ordinary  Petri  Net  The  elements  of  the  support  can  be  described 
alternatively  as  matrices  or  Ordinary  Petri  Nets.  Proposition  5.7  states  an  important  relationship 
between  the  Ordinary  Petri  Nets  in  the  support  of  a  WDVS  11  and  the  C3*N  model  of  H- 

Proposition  5.7 

Let  n  be  a  WDVS,  and  £i,...,  £4^  be  the  Ordinary  Petri  Nets  in  the  support 
The  CPN  model  of  IT  is  obtained  by 

•  Computing  the  join  £4  u  £2  U...U  £^,  which  is  the  graphical  support  of  the  CPN. 

•  Let  A  be  an  arc  that  belongs  to  £4  u  £2  u...u  £]^  A  is  annotated  by  a  IXI  x  IXI  diagonal 
matrix  such  that  if  k(x)  is  the  rank  of  x  in  the  lexicographic  ordering  of  X  then, 

A  k(x)  k(x)  “  1  ^  n(x)  contains  A  and  Aic(x)  k(x)  =  0  <=>  IKx)  does  not  contain  A. 
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Proof: 

If  an  arc  is  represented  on  a  CPN  model  of  the  structure,  this  arc  is  activated  by  some 
input  X.  Therefore  IlCx)  belongs  to  the  support  and  contains  A,  as  does 
Reciprocally,  if  an  arc  belongs  to  £2  ^  ^  tben  at  least  one  element  of  the 

support  £|  contains  A.  A  is  activated  by  at  least  one  x  such  that  IKx)  =  Zj. 

Finally,  it  is  clear  from  the  definition  of  the  support  that  an  arc  A  is  activated  by  every 
input  such  that  IKx)  contains  A. 

Proposition  5.8 

Any  CPN  model  of  a  WDVS  can  be  translated  into  a  mapping  of  X  into  the  set 
of  Ordinary  Petri  Nets. 

Proof: 

Any  CPN  model  can  be  translated  into  a  matrix  form.  This  matrix  form  can  be  translated 
into  a  mapping  ^m  X  to  W,  which  is  automatically  translated  into  a  mapping  from  X 
into  the  set  of  Ordinary  Petri  Nets. 

Propositions  5.7  and  5.8  present  two  methods  to  describe  and  analyze  a  WDVS.  These 
methods  can  be  referred  to  zs  folding  and  urfolding.  Proposition  5.7  describes  an  automatic  way 
to  translate  a  mapping  from  X  to  a  set  of  k  Ordinary  Petri  Nets  into  a  CPN,  i.e.,  a  way  to  fold  the 
k  Ordinary  Petri  Nets  into  one  CPN,  and  to  annotate  the  arcs  of  the  CPN  so  as  to  indicate  the 
elements  of  X  that  activate  them.  Conversely,  Proposition  5.8  provides  an  automatic  procedure 
to  unfold  a  CPN  model  of  a  WDVS  into  a  mapping  from  X  to  a  subset  of  k  different  Ordinary 
Petri  Nets.  These  possibilities  are  exploited  extensively  in  the  rest  of  this  thesis. 

A  folding  and  an  unfolding  are  given  below. 

Consider  the  WDVS  of  Hgure  5.9.  This  variable  structure  can  be  unfolded  as  a  mapping: 

<A>  -->  to  ,  <B>  Z2,  and  <0  ->  Z2 

with  Zj  the  Ordinary  Petri  Net  of  Figure  5. 10 
and  Z2  being  the  Ordinary  Petri  Net  of  Figure  5. 1 1 
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Fig.  5.10  WDFS  Z 


Fig.  5.11  WDFSZ2 


Reciprocally,  consider  the  moping: 

<A>  ->  Z'l,  <B>  -->  Z'2,  <0  ->  Tj 
with  Z']. ,  Z2  and  Z'3  represented  in  Figures  5.12, 5.13  and  5.14 


Fig  5.12  WDFSZ’i 


J-O+O^l — 

c>l  ^ - - - n  Vo 

(Vl-0+0-4<)-4-<>f 


Fig.  5.13  WDFS  1*2 


^  J 


Fig.  5.14  WDFS  I’s 


Then,  the  folding  into  one  CPN  model  of  the  WDVS  yields  the  CPN  of  Figure  5. 15 


Rolel 


Sensor 


0-*<>4<>-4<>4<>^ 


X  =  {A,  B,  C) 


Fig.  5.15  Folded  Structure 


1  0  0l<A>  fl  0  Ol^  0  0  0  <A> 

whercLl=  0  0  0  <B>  ,  L2=  0  1  0  <B>.andL3=  0  0  0^ 

0  0  0j<c>  Lo  0  0j<c>  LO  0  lj<c> 


5.4  USEFUL  PROPERTIES  OF  WDFS 


Proposition  5.9  characterizes  a  class  of  Ordinary  Petri  Nets  that  model  some  elements  of  W. 
Proposition  5.9  (Remy) 

Let  the  external  place  and  the  sink  of  the  Ordinary  Petri  Net  representing  a  WDFS  be 

combined  into  a  unique  place.  If  the  resulting  Petri  Net  is  strongly  connected,  it  is  a  marked 

graph. 

The  proof  is  straightforward.  Each  internal  or  interactional  place  has  exactly  one  input  and 
one  output  transition.  The  sink  has  one  input  transition  but  no  output  transitions,  while  the 
opposite  holds  for  the  external  place.  If  the  external  place  and  the  sink  are  merged  together  into 
one  single  place,  every  place  in  the  net  will  therefore  have  one  input  and  one  output  transition. 
Since  the  net  is  strongly  connected,  every  transition  has  at  least  one  input  place  and  one  output 
place,  and  the  net  is  a  marked  graph. 

Proposition  5.9  implies,  in  particular,  that  if  each  WDFS  in  the  support  is  strongly 
connected,  each  element  in  the  support  is  a  marked  graph,  and  such  is  their  join:  every  place  has 
exactly  one  input  and  one  output  transition,  in  ^e  Colored  Petri  Net  model  as  well  as  in  the 
Ordinary  Petri  Net  model.  The  graphical  support  of  the  CPN  is  a  thus  a  marked  graph  if  every 
element  in  the  support  is  strongly  connected. 

Note  finally  that  combitting  the  external  place  and  the  sink  in  a  single  place  has  no  bearing 
on  the  internal  topology  of  the  net  This  assumption  is  introduced  because  it  facilitates  the 
exposition  of  the  results  in  Chapter  Vm  as  well  as  an  implementation  of  the  methodology. 
However,  this  assumption  can  become  critical  in  other  contexts,  such  as  the  study  of  the 
dynamical  behavior  of  the  CPN.  In  those  cases,  the  external  place  and  the  sink  should  not  be 
merged. 

5.5  DESIGN  PROBLEM 

It  is  now  possible  to  formulate  the  part  of  the  feasibility  study  that  is  addressed  by  this 
thesis.  In  Chapter  I,  the  needs  of  a  team  responsible  for  the  feasibility  study  of  a  distributed 
intelligence  system  were  considered.  This  thesis  assumes  that  the  team  is  at  a  very  early  stage  of 
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the  study,  and  wants  to  generate  all  physical  structures  that  can  be  solutions  to  the  problem.  The 
ultimate  goal  is  to  the  performance  of  a  large  set  of  solutions,  with  the  System  Effectiveness 
Analysis  methodology  for  example,  to  gain  a  fair  insight  into  the  feasibility  of  the  problem.  Once 
the  performance  of  the  structures  is  predicted,  the  team  will  opt  for  a  small  number  of  candidate 
stmctures  that  will  be  studied  in  more  detail.  This  thesis  suggests  that  the  first  step  of  the  design 
problem  is  to  generate  the  CPN  models  of  the  variable  structures  which  satisfy  the  requirements 
of  the  design.  The  performance  of  the  variable  structures  can  be  determined  using  the  extension 
of  System  Effectiveness  Analysis  in  Monguillet  (1988),  which  require  the  use  of  CPNs. 

This  thesis  has  presented  a  model  of  variable  stmcture  systems  that  can  be  automatically 
translated  into  the  language  of  Colored  Petri  Nets.  Next,  the  problem  of  generating  a  variable 
structure  is  tackled  in  two  steps.  The  first  is  to  generate  a  CPN  model  of  the  functional  structure, 
and  the  second  is  to  add  to  this  CPN  a  description  of  the  assignment  of  resources  to  the  roles. 

In  the  first  step,  the  set  of  WDVS  is  characterized  by  four  set  of  parameters 

•  X,  the  set  of  inputs  to  the  system. 

•  N,  the  number  of  sensors. 

•  /?,  the  set  of  different  roles  from  which  the  system  may  be  built  This  set  contains  all  the 
combinations  of  decisionmaking  processes  that  can  be  performed  by  some  entity.  Let  r  be 
its  cardinality. 

•  {q,  i  =  l..r},  the  set  of  degrees  of  redundancy  of  each  role.  The  degree  of  redundancy  q 

is  the  number  of  entities  that  operate  concurrently  according  to  the  i-th  role  during  the 
processing  of  some  input  to  the  system.  For  any  input  its  functional  structure  activates  R 
roles  with 
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This  thesis  assumes  that  these  parameters  are  fixed  by  the  team  in  charge  of  research  and 
development  before  using  the  methodology  of  this  thesis.  The  idea  is  that  the  team  can  start 
investigating  the  candidate  structures  only  once  it  has  gained  some  knowledge  of  the  functions 
(the  roles)  that  must  be  embedded  in  the  system.  These  parameters  are  fairly  general,  and  furnish 
the  basic  dimensions  of  the  system.  If  the  team  wants  to  use  other  combinations  of  the 
parameters,  it  must  reapply  the  methodology  each  time. 
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In  die  second  step,  the  parameters  are  the  physical  resources.  It  is  assumed  in  this  thesis  that 
the  assignment  of  the  resources  to  the  different  roles  is  an  input  to  the  design  problem.  The 
description  of  the  assignment  of  the  resources  can  be  done  automatically  once  a  functional 
structure  is  created.  The  main  rationale  behind  this  assumption  is  the  scope  of  the  thesis.  The 
generation  of  resource  structures  could  not  be  tacikled  within  the  firamewotk  of  a  Master’s  thesis, 
and  remains  an  open  question. 


CHAPTER  VI 


CONSTRAINTS 


Well  defined  variable  and  fixed  structures  have  been  introduced  in  Chapter  IV.  It  has  been 
noted  that  any  variable  functional  structure  is  a  Well  Defined  Variable  Structure,  but  that  the 
converse  might  not  be  true.  In  this  chapter,  the  ccmstraints  that  must  be  verified  by  Well  Defined 
Variable  Structures  are  presented. 

6.1  INTRODUCTION 

Several  properties  of  the  set  of  well  defined  variable  structures  V  lead  to  the  definition  of 
constraints  diat  must  be  satisfied  by  the  elements  of  V  to  solve  the  design  problem  of  a  Research 
&  Develt^mient  team. 

(a)  Some  Well  Defined  Variable  Structures  correspond  to  patterns  of  mteractions  between 
roles  that  do  not  make  sense.  The  designers  do  not  want  to  obtain  these  structures  as 
candidate  architectures  for  the  system  under  study.  There  is  thus  a  need  to  define 
structural  constraints,  which  define  the  types  of  WDVS  that  must  be  ruled  out 
within  the  model  of  this  thesis. 

(b)  For  that  purpose  it  is  convenient  to  consider  V  as  the  set  of  mappings  from  X  to  W, 
which  makes  it  possible  to  distinguish  two  types  of  structural  constraints.  First, 
constraints  are  imposed  on  the  set  W  to  obtain  fixed  data  flow  structures  that  make 
physical  sense.  Then,  admissible  assignments  associate  an  admissible  fixed  structure 
with  each  x  and  must  verify  additioiuil  properties  as  well. 

(c)  Any  practical  procedure  has  to  allow  the  designer  to  investigate  only  those  candidate 
structures  that  correspond  to  the  degree  of  knowledge  he  has  about  the  system,  the 
technological  limitations,  the  physical  limitations,  etc.  The  methodology  has  to 
compute  only  the  structures  that  are  of  interest  for  the  problem  addressed  by 
the  designer.  Ife  must  thus  be  given  the  possibility  to  translate  his  knowledge  about 
the  system  into  mathematical  terms  by  imposing  user^defined  constraints. 

(d)  Finally,  the  introduction  of  constraints  on  the  set  of  variable  structures  can 
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significantly  reduce  the  computational  requirements,  while  still  allowing  one  to  benefit 
from  the  lattice  stmcture  of  V  and  W. 

6.2  STRUCTURAL  CONSTRAINTS 

A  WDVS  that  makes  physical  sense  must  satisfy  two  sets  of  properties: 

(1)  Its  support  must  be  made  of  fixed  structures  that  make  physical  sense.  These 
constraints  are  described  in  section  6.2.1. 

(2)  If  the  support  of  a  variable  structure  is  made  out  of  the  k  ^ed  structures 

the  mapping  of  X  onto  {Jl,...,Jk}  must  be  realistic.  Those  constraints  are  described 
in  section  6.2.3 

6.2.1  Constraints  on  Fixed  Stmctures 

Constraints  on  the  set  of  fixed  structures  have  been  defined  in  Remy  (1986)  using  a 
different  model.  In  the  sequel,  these  constraints  are  adapted  to  the  context  of  this  thesis.  Let  IT  be 
a  variable  structure.  For  any  x.  x  in  X,  its  associated  fixed  stmcture  IlCx)  must  satisfy 

•  (Rl)  (a)  The  Ordinary  Petri  Net  that  corresponds  to  IlCx)  should  be  connected,  i.e., 

there  should  be  at  least  one  (undirected)  path  between  any  two  nodes  in  the  Net 
(b)  A  directed  path  should  exist  from  the  external  place  to  every  node  of  the  PN 
and  from  every  node  to  the  sink. 

•  (R2)  The  Ordinary  Petri  Net  that  corresponds  to  IKx)  should  have  no  loops,  i.e.,  the 

stmcture  is  acyclic. 

•  (R3)  In  the  Ordinary  Petri  Net  that  corre^nds  to  IKx),  there  can  be  at  most  one  link 

from  the  RS  stage  of  a  role  i  to  another  role  j,  i.e.,  for  each  i  and  j,  only  one 
element  of  the  triplet  {G(x)|j,  H  (x)|j,  C  (x)ij}  can  be  non-zero. 

•  (R4)  Information  fusion  can  take  place  only  at  the  IF  and  Cl  stages.  Consequently,  the 

SA  stage  of  a  role  can  cither  receive  observations  from  sensors,  or  receive  one 
and  only  one  response  sent  by  some  other  role. 
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•  (R5)  There  cannot  be  one  link  fiom  the  S  A  stage  of  role  i  to  the  IF  stage  of  role  j  and  a 

link  from  the  RS  stage  of  role  i  to  the  S  A  stage  of  role  j. 

Each  WDFS  that  fulfills  these  constraints  is  called  an  admissible  fixed  structure  (AFS).  The 
set  of  all  AFSs  is  called  AW.  These  constraints  can  be  interpreted  as  follows.  Constraint  Rl(a) 
eliminates  a  data  flow  structure  that  does  not  represent  a  single  structure.  Constraint  Rl(b) 
insures  that  the  flow  of  information  is  continuous  within  the  organization,  that  there  are  no  other 
sources  of  information  than  the  N  Sensors. 

Constraint  R2  allows  acyclical  fixed  dataflow  structures  only.  The  acyclical  hypothesis  is 
very  general  as  far  as  data  flow  structures  are  concerned.  This  restriction  is  imposed  to  avoid 
deadlocks  and  infinite  circulation  of  messages  within  the  organization.  Deadlock  occurs  when 
one  decisionmaker  is  waiting  for  a  message  firom  another,  while  the  second  one  is  in  turn  waiting 
for  an  input  from  the  first.  An  infinite  circulation  of  messages  occurs  when  the  reception  of 
message  1  at  role  1  triggers  the  communication  of  message  2  to  role  2,  and  when  the  reception  of 
message  2  at  role  2  triggers  the  communication  of  message  1  to  role  1.  Note,  however,  that 
constraint  R2  does  not  imply  that  the  graphical  representation  of  the  variable  structure  is 
acyclical,  because  the  folding  of  acyclical  nets  can  yield  a  net  with  loops.  Furthermore,  when  the 
resource  structure  is  added  to  a  CPN  model  of  the  functional  structure,  resource  loops  and  role 
loops  are  created.  The  constraint  of  acyclicity  is  restricted  to  the  elements  of  W. 

Constraint  R3  indicates  that  it  does  not  make  sense  to  send  the  same  ou^ut  to  the  same  role 
at  several  stages.  It  is  assumed  that  once  the  output  has  been  received  by  a  role,  this  output  is 
stored  in  its  internal  memoiy  and  can  be  accessed  at  later  stages. 

Constraint  R4  has  to  do  with  the  nature  of  the  IF  stage.The  IF  stage  has  been  introduced 
explicitly  to  perform  a  fusion  between  the  situation  assessments  performed  by  the  other  roles. 
There  are  thus  two  cases.  Either  the  role  receives  the  observations  from  at  least  one  sensor  and 
fuses  the  inputs  fiom  the  other  roles  at  the  IF  stage,  or  the  role  monitors  no  direct  observations. 
In  the  latter  case,  there  can  be  at  most  one  link  to  the  SA  stage,  which  indicates  that  the  role  is 
activated.  Inputs  that  come  from  different  roles  in  the  system  are  fused  together  in  the  IF  stage. 

Finally,  Constraint  R5  has  been  introduced  to  avoid  the  interactions  of  Figure  6.1.  In  this 
pattern  of  interactions  Role  i  would  send  its  situation  assessment  to  Role  j,  but  Role  j  would  not 
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process  it  until  it  had  received  the  final  response  of  Role  i.  The  response  of  Role  i  is  thus  no  real 
input  for  Role  j,  but  rather  a  response  to  be  fused  with  the  information  received.  The  physical 
interaction  is  thus  much  more  appropriately  described  by  Fig.  6.2 


6.2.2  Mathematical  Representation  of  the  Constraints  on  W. 

The  constraints  on  WDFS  can  be  translated  into  framal  ones  as  follows. 

Constraint  Rl. 

If  the  external  place  and  the  sink  are  merged  in  the  Petri  Net  that  depicts  ITCx), 
then  Rl(a)  and  Rl(b)  can  be  formulated  by 

The  Petri  Net  representing  n(x)  should  be  strongly  connected. 

Corollary.  Proposition  5.9  indicates  that  any  element  of  W  that  satisfies  Constraint 


100 


R1  is  a  maiked  graph. 


Constraint  R2. 

Suppose  that  R1  is  fulfilled  and  that  the  external  place  and  the  sink  are  merged 
together  in  a  single  place.  Constraint  R2  becomes 

All  simple  information  flow  paths  of  the  Petri  Net  contain  the  external  place. 

where  simple  information  flow  paths  have  been  described  in  Definition  2. 14. 

Constraint  R3. 

The  analytical  expression  of  this  constraint  is  straightforward: 


Constraint  R4. 

like  R3,  R4  is  translated  easily  into 

Vj€lI.Jtl  <  Max,  (S,p)  *  S  I 

i  in  11.  Jt] 


Constraint  R5. 

Hnally  R5  is  trivially  expressed  by 

6.2.3  Constraints  on  Assignments 

Suppose  now  that  {Ji, ....  J^)  is  a  set  of  k  fixed  structures  that  fulfill  Rl,...,  R5.  This 
section  describes  the  conditions  that  must  be  fulfilled  by  a  mapping  from  X  onto  (Ji, ...,  Jj^}. 

Definiti(m6.1 
Let  L  be  a  link 

If  L  is  present  in  at  least  one  fixed  structure  L  is  said  to  be  admissible. 
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If  L  is  not  present  in  any  of  the  k  fixed  structures,  L  is  said  to  be  inadmissible. 

If  L  is  admissible  and  present  in  all  WDFS  Ji, Jjp  L  is  said  to  be  permanent. 
If  L  is  admissible  but  not  permanent,  L  is  said  to  be  variable  over  ( J^, ..., 

Example  6.1: 

Consider  the  four  fixed  structures  represented  on  Figure  6.3. 


Fig.  6.3  Four  WDFS 

Over  those  four  structures  three  links  are  variable.  Two  from  the  lower  role  to  the 
upper  role  and  one  from  the  upper  role  to  the  lower  role. 

Let  n  be  a  mapping  from  the  set  of  inputs  X  to  the  set  W.  H  is  an  admissible  variable 
structure  ( AVS)  if  it  satisfies  the  following  constraints 

(R6)  The  support  of  11  is  a  subset  of  AW. 

(R7)  Any  link  in  S  and  G  that  is  admissible  is  permanent  over  the  support  of  IT. 

(R8)  If  the  first  stage  of  a  role  i  is  BF,  then  each  input  link  Fjj,  Hjj  for  j  in  [1..R]  is 
permanent. 

(R9)  If  the  first  stage  of  a  role  i  is  Cl,  then  each  input  link  Cjj  for  j  in  [1..R]  is 
pomanent 

Finally,  the  last  constraint  RIO  can  be  understood  with  the  notions  of  Definition  6.2. 
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Definiti(xi  6.2 

Let  £  be  a  fixed  structure,  and  T  be  any  process  modeled  by  a  transition  t  The  alphabet 
Xi  is  said  to  be  accessible  at  t  if  and  only  if  there  is  a  path  from  Sensor  i  to  transition  t  in 
the  Petri  Net  that  depicts  £. 

In  other  words,  Xi  is  accessible  at  T  if  the  information  that  is  contained  in  the  output  of 
Sensor  i  can  be  used  at  the  stage  T.  Conversely,  if  an  alphabet  Xi  is  not  accessible  at  some  stage 
T,  then  the  stage  cannot  base  its  processing  and  pattern  of  interactions  on  the  observations  of 
Sensor  i. 

Example  6.2: 

Fig  6.4  represents  one  tixed  structure  with  three  sensors  and  three  roles.  Each  internal 
stage  in  the  structure  as  well  as  the  output  stage  have  been  annotated  with  the  alphabets 
that  are  accessible  at  that  stage.  Some  processes  have  no  accessible  alphabets,  and  have 
been  annotated  by  0. 


XI.  X2  XI.  X2  XI.  X2  XI.  X2 


0  0  0  0 
Hg.  6.4  Accessible  Alphabets 
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Constraint  RIO  has  to  do  with  the  partitioning  of  the  set  of  inputs  at  variable  links. 

(RIO)  L**»  L  be  a  variable  link  between  two  stages  tl  and  t2.  Let  AC  =  {x  s.t.  IKx) 
contains  L),  DC  =  {x  s.t.  IKx)  does  not  contain  L}  and  Xij,..,  Xij^  be  the 
effective  alphabets  of  the  partititMi  of  X  into  AC  and  DC. 

The  variable  interaction  that  coiresponds  to  L  is  properly  coordinated 
if  and  only  if 

The  alphabets  Xii,..,  Xi^  are  accessible  in  every  fixed  structure  IKx) 

•  attl 

•  at  the  internal  stage  that  precedes  t2. 

The  rationale  for  these  constraints  is  as  follows.  Constraint  R6  is  just  a  reminder  of  the  fact 
that  the  fixed  structure  associated  with  the  processing  of  each  input  must  be  an  admissible  fixed 
structure.  Constraints  R7,  R8,  and  R9  proceed  from  a  common  rationale.  They  simply  state  that 
a  role  at  its  input  stage  has  no  previous  knowledge  about  the  input  to  the  system,  and  can  only 
await  information  from  sources  over  permanent  links.  Thus,  at  the  S  A  stage,  any  link  between 
the  sensors  and  the  roles  must  be  fixed.  Similarly,  if  a  role  receives  the  response  from  another 
role,  the  latter  must  always  communicate  its  response  (R7).  Constraints  R8  and  R9  incorporate 
the  fact  that  the  input  stage  of  a  role  can  be  the  Information  Fusion  or  Command  Interpretation 
stages. 

Constraint  RIO  states  that  a  variable  interaction  between  two  stages  tl  and  t2  must  be 
coordinated  on  sources  of  information  that  are  accessed  jointly  by  the  roles  that  interact.  The 
stage  tl  must  determine,  based  on  some  information  it  has  processed,  whether  it  has  to  send  a 
message  to  t2.  Similarly,  the  role  that  contains  t2  must  infer  from  some  of  the  inforniadon  it  has 
already  received,  whether  or  not  it  must  wait  for  a  message  from  tl  before  initiating  process  t2. 
Observe  that  the  role  containing  t2  has  received  this  information  at  the  internal  stage  preceding  t2. 

The  roles  must  be  interacting  based  on  the  same  information,  which  has  been  generated  by 
the  sensor's  observations.  The  roles  must  thus  recognize,  from  the  same  combinations  of 
sensor's  outputs,  the  existence  or  the  absence  of  the  interaction.  Any  variable  interaction  induces 
a  partition  of  X  into  two  subsets:  The  inputs  that  activate  the  link,  i.e.  (x  s.t.  IKx)  contains  the 
fixed  interaction  L)  =  AC;  and  the  inputs  that  do  not  activate  the  link,  i.e.  {x  s.t.  IKx)  does  not 
contain  the  fixed  interaction  L)  =  DC.  Proposition  4.9  indicates  that  Xii ,..,  Xij^  are  the 
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effective  alphabets  if  this  interaction  is  based  on  the  outputs  of  Sensor  ij,  Sensor  ij^. 
Constraint  RIO  insures  that  the  information  generated  by  the  outputs  of  Sensor  ii,..., Sensor  i^  is 
accessible  in  every  dataflow  structure  at  the  stages  where  it  is  needed. 


Example  6.3:  Figures  6.5  and  6.6  represent  two  admissible  fixed  structures  with  one 

variable  link,  the  link  fix)m  the  RS  stage  of  role  1  to  the  IF  stage  of  role  2. 


Sensor 


j  {Xl,  X2}  {XI,  X2}  {XI.  X2}  (Xl,  X2i 


Role  1 


Sensor  2i 


{Xl,  X2,  X3} 


Sensor  3 


Role  2 


(X2.X3}  (X2,X3)  {X2,X3}  {X2,  X3} 


Fig.  6.5  Fixed  Structure 


Sensor  1  (Xl.  X2}  (Xl,  X2)  (Xl,  X2)  {Xl,  X2} 


Role  1 


Sensor  2: 


{Xl,  X2,  X3} 


Sensor  3 


Role  2 


{X2,  X3}  {X1,X2,X3}  {X1,X2,X3}  {Xl,  X2,  X3} 


Hg.  6.6  Fixed  Structure  and  Variable  Link 


The  alphabets  that  are  effective  at  each  stage  have  been  represented  on  each 
admissible  fixed  structures.  Over  both  fixed  structures,  the  RS  stage  of  role  1  and 
the  SA  stage  of  role  2  have  one  and  only  one  common  admissible  alphabet,  X2. 
The  partition  of  X  at  the  level  of  the  variable  link  must  be  of  Type  X2.  In  other 
words,  the  variability  of  the  link  can  only  be  based  on  observations  of  Sensor  S2, 
the  only  source  of  information  that  is  accessed  by  both  role  1  and  role  2. 

6.2.4  Mathematical  Representation  of  the  Constraints  on  V 

The  constraints  can  be  translated  into  analytical  constraints  without  any  difficulty. 

Constraint  R6 

VxeX  n(x)€AW 

Constraint  R7 

(BxeX  s.t.  S..  (x)^l  )=>(Vx  (x)  =  l) 

(3x€  X  SJ.  G.J  (x)  =  1  )=^ 

Constraint  R8 

(Vi  Vx  S.J  (x)  =  G.J  (x)  =  0and3  3x  s.t.  F.qJ[x)  =  1 )  =>(Vx  F.^.  (x)  =  1) 
(Vi  Vx  (x)  =  G.J  (x)  =  0  and  3  i^  3  x  s.t.  H^j(x)  =  1 )  =^(Vx  (x)  =  1) 


Constraint  R9 

(Vi  Vx  S.J  (X)  =  G..  (X)  =  F.J  (x)  =  H..  (X)  =  0and3i^3x  5.t.  C.^j  (x)  =  1 ) 

=^(VxC^.(x)  =  l) 

*0-' 


Finally,  constraint  RIO  is  expressed  by 

Let  Lbea  link.  (  3x  3x'  L(x)  =  1  and  L(x')  =  0)  => 

(  (Vx  in  X  3  path  from  Sensor  i  to  L  in  IKx) )  ^  (Xi  can  be  effective)  ). 

If  a  WDVS  satisfies  constraints  R6  to  RIO  it  is  said  to  be  an  Admissible  Variable  Structure 
(A VS).  The  set  of  aU  AVSs  is  called  AV. 
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6.2.5  Accessible  Pattern 


Constraint  RIO  is  very  important,  because  it  relates  topological  properties  of  the  fixed 
structiures  to  the  properties  that  must  be  fulfilled  by  the  assignments.  The  notation  to  be 
introduced  in  Definition  6.3  provides  an  elegant  tool  to  deal  with  those  properties. 

DefiniticMi  6.3 

Let  I>  be  any  admissible  fixed  structure  in  AW.  Its  accessible  pattern  is  a  set  of  arrays 
E  (I)  =  [  F,  (2),  He  (2),  Ce  (2).  Se  (2)]. 

•  Fg  (11).  He  (IT),  Ce  (11)  are  three  R  x  R  arrays  that  correspond  to  the  interactions 
between  roles  that  can  be  variable. 

•  Se  (11)  is  an  R  X  1  array  that  corresponds  to  the  links  from  the  roles  to  the 
effectors,  which  can  be  variable. 

•  The  entry  of  each  array  is  a  subset  of  {XI, ...,  XN) . 

•  Fe  (2)  y  contains  the  alphabets  that  are  accessible  at  the  S  A  stage  of  role  i  and  at 
the  S  A  stage  of  role  j  in  2. 

•  Hg  (2)  ij  contains  the  alphabets  that  are  accessible  at  the  RS  stage  of  role  i  and 
at  the  S  A  stage  of  role  j  in  2. 

•  Ce  (2)  y  contains  the  alphabets  that  are  accessible  at  the  RS  stages  of  role  i  and 
at  the  IF  stage  of  role  j  in  2. 

•  Se  (Q  y  contains  the  alphabets  that  are  accessible  at  the  RS  stage  of  role  i  in  2. 

Remark :  The  diagonal  entries  are  filled  with  0,  because  they  do  not  correspond  to 

any  link  in  the  system. 

This  notation  is  explicitly  introduced  to  indicate  for  each  interaction,  whether  or  not  it 
exists,  the  alphabets  that  are  accessible  at  both  end  stages  of  the  interaction.  Thovfore,  if  this 
interaction  varies  over  a  range  of  fixed  admissible  structures  to  the  accessible  pattern  E(Jj) 
indicates  the  constraints  on  the  partition  at  each  link  that  come  from  the  AFS  Jj.  See  below  for  a 
detailed  statement.  The  fact  that  the  interactions  between  sensors  and  roles,  and  between  RS 
stages  and  SA  stages,  have  been  omitted  is  a  result  of  the  constraints  R7  and  R8,  which  state  that 
these  interactions  must  be  fixed.  There  is  no  n^  to  check  efieedve  and  accessible  alphabets  for 
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those  links. 


Example  6.4: 

Let  us  consider  the  admissible  fixed  structure  £  of  Figure  6.7.  The  set  of  alphabets 
that  are  accessible  at  each  stage  have  been  indicated  on  the  net 


Its  accessible  pattern  is  given  by 


*’•^=[0  0} 

r  0 

Ce(I)=[{xi,x2.  X3} 


0  {X3)' 

{X2,X3}  0  . 


{X3}1  r{Xl,X2,X3} 

0  J’  ®e^^^“L{Xl,X2,  X3} 


•  Fe(£)  indicates  that  no  alphabet  is  accessible  at  both  RS  stages. 

•  He(£)  indicates  that  X3  is  accessible  at  both  the  RS  stage  of  Role  1  and  the  SA 
stage  of  role  2  and  that  XI  and  X2  are  accessible  at  both  the  RS  stage  of  role  2 
and  the  SA  stage  of  role  1. 

•  Ce(£)  shows  that  X3  is  accessible  at  both  the  RS  stage  of  role  1  and  the  IF  stage 
of  role  2,  while  XI,  X2  and  X3  are  accessible  at  both  the  RS  stage  of  role  2  and 
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the  IF  stage  of  role  1. 

•  Se(£)  indicates  that  XI,  X2  and  X3  are  accessible  at  both  RS  stages. 

6.2.6  G>nstraint  RIO  Revisited 

As  mentioned  earlier,  the  accessible  patterns  are  an  elegant  tool  for  providing  another 
mathematical  expression  of  the  constraint  RIO.  For  that  ptn^se.  Definition  6.4  defines  the 
intersection  of  accessible  alphabets. 

Definition  6.4 

Let  E  (Z)  and  E  (Z')  be  two  accessible  patterns.  Their  intersection  E  (Z)  INT  E  (Z*)  is 
defined  quite  naturally  as, 

[Fe(Z)nF.(Z*),  He(Z)nH*(Z‘),  C.  (Z)  n  (Z*),  s^  (Z)  n  s^  (Z’)] 
where  n  denotes  the  usual  intersection  of  subsets  of  {XI,  X2,..,  XN). 


Exa£q)le  6.S: 

The  accessible  pattern  of  the  AFS  of  Example  6.4  is 

-  [0  0 

c  ^  tX3}]  [{Xl,  X2,  X3} 

Le  w  =  [  jxi,  X2,  X3}  0  J’  ”L{X1.  X2,  X3} 


,  HeW-[(X2,X3}  0 


Let  us  ccxisider  an  other  accessible  patt^  ECZ*). 


Fed') 

Ced*) 


'0 

0 

r  0 

{X3}' 

.0 

0} 

Hed')-[{X3) 

0  . 

0 

(XI,  X2,  X3}‘ 

'(XI,  X2,  X3}' 

.(XI,  X2.  X3} 

0  J’ 

Se  d')  = 

.(XI,  X2,  X3). 

Then,  E  (Z)  INT  E  d’)  is 
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„  _r0  0i  „  r  0  {X3)' 

~[0  0}  “®“L(X3}  0 


0 

{X3)‘ 

r{Xl,X2,  X3}' 

.{X1,X2,  X3} 

0} 

“[{XI,  X2,X3}. 

Constraint  RIO  can  be  restated  under  the  following  fonn,  which  will  be  useful  in  Chapter  7. 

If  {Jl,  ...  Jk)  is  the  support  of  a  AVS,  then  at  each  variable  link  L  the  effective 
alphabets  of  the  partition  of  X  are  included  in  the  entry  of  ECJj)  INT  E(J2) 
INT...INT  E(Ji()  that  corresponds  to  L. 

In  other  words,  the  intersection  of  the  supports  determines  the  kind  of  interactions,  as 
indicated  by  the  effective  alphabets,  that  are  allowed  between  two  stages. 

6.3  USER-DEFINED  CONSTRAINTS 

The  members  of  the  team  in  charge  of  Research  and  Development  can  introduce  constraints 
that  reflect  what  they  know  about  the  snructure  under  study.  They  may  rule  in  or  rule  out  some 
links,  force  a  certain  pattern  of  variability,  or  express  hierarchical  relationships  between  the  roles. 
For  example,  due  to  a  particular  expertise,  the  team  might  like  to  indicate  that  a  certain  set  of 
observations  can  only  be  processed  by  some  roles,  while  the  processing  of  other  sets  of 
observations  can  be  carried  out  by  any  role.  Within  die  framework  of  diis  thesis,  the  designer  can 
translate  his  knowledge  by  filling  Os  and  Is  at  the  appropriate  places  in  the  arrays  S,  s,  F,  G,  H, 
C.  The  other  elements  will  remain  unspecified  and  will  constitute  the  degrees  of  freedom  of  the 
design.  A  designer  can  impose  two  types  of  conditions. 

6.3.1  Fixed  Constraints 

Fixed  constraints  are  the  constraints  that  are  valid  for  any  input  x  in  X.  They  can  be  of  two 
types,  ruling  in  or  ruling  out  If  a  designer  wants  to  rule  out  some  links,  he  can  do  so  either  by 
putting  the  IXI  x  IXI  null  matrix  O  in  the  appropriate  entry  of  11 » ( S,  s,  F,  G,  H,  Q  or  by  ruling 
out  the  link  for  every  Admissible  Fixed  Structure.  If  a  designer  wants  to  rule  in  some  links,  to 
insure  that  those  links  are  always  activated,  he  can  do  so  either  by  putting  the  IXI  x  IXI  identity 
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matrix  I  in  the  appropriate  entry  of  IT  =  (  S,  s,  F,  G,  H,  C)  or  by  imposing  this  link  on  any 
Admissible  Fixed  Structure.  It  is  important  to  observe  at  that  point  that  any  constraint  on  a  link 
fnxn  a  sensor  to  the  input  stage  of  a  role,  or  on  a  link  from  the  output  stage  of  a  role  to  die  input 
stage  of  another  role,  is  necessarily  a  fixed  constraint  because  of  R7,  R8  and  R9.  In  the  rest,  the 
set  of  fixed  cmstraints  is  called  Rp.  This  set  is  a  set  of  links  and  the  indication  as  to  whether  they 
have  been  ruled  in  or  ruled  out 

6.3.2  G)lored  Constraints 

A  designer  might  also  want  to  impose  constraints  on  the  variability  in  the  systent  He  might 
want  to  rule  out  a  link  for  some  set  of  observations  and  rule  it  in  for  some  other  set  of  inputs. 
This  can  be  done  by  filling  the  appropriate  1X1  x  1X1  matrix  L  in  11  =  (  S,  s,  F,  G,  H,  C).  It  is 
assumed  that  a  designer  specifies  a  variable  link  completely.  In  other  words,  the  designer 
specifies  a  partition  of  X  into  two  subsets:  The  set  of  inputs  that  activates  the  link,  and  the  set  of 
inputs  that  does  not  activate  the  link.  The  thesis  rules  out  the  possibility  that  the  designer 
specifies  that  the  link  is  activated  by  the  set  of  inputs  A,  is  not  activated  by  the  set  of  inputs  B, 
and  remains  unspecified  for  a  non  empty  set  df  inputs  C.  In  the  sequel,  the  set  of  colored 
constraints  is  called  R^.  This  set  coctesponds  to  a  set  of  links  and  a  partition  of  the  set  of  inputs 
X  for  each  link. 

6.4  ILLUSTRATION 

In  this  section,  a  sinq)Ie  exan^le  is  devdqjed  to  illustrate  the  use  of  the  nxxlel  as  well  as  the 
specificatiOT  of  constraints  by  the  designer  of  a  system.  This  example  comes  from  the  experience 
of  a  platocMi  commander  in  a  unit  of  tanks.  A  platoon  of  tanks  is  a  variable  structure  system  with 
two  different  roles,  that  is  the  role  of  the  platoon  leader  and  the  role  of  the  subordinate.  The 
degree  of  redundancy  of  the  subordinate  role  in  nmst  armies  is  2.  The  platoon  receives 
observation  from  three  sources  SI,  S2,  and  S3. 

SI  describes  the  battlefield  from  200  m  up  to  2.5  km.  The  battlefield  is  observed  by  the  the 
platoon  leader  and  both  subordinates.  The  output  alphabet  of  SI  is  XI  {Enemy,  NoEnemy), 
where  "Enemy"  describes  the  fact  that  some  enemy,  either  Armor  or  Infantry,  is  in  sight  The 
ouq)ut  "NoEnemy"  indicates  that  no  enemy  troops  can  be  discerned.  If  an  enemy  is  present  in  the 
battlefield,  the  platoon  leader  must  issue  a  command  to  both  subordinates.  The  platoon  leader 
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does  not  issue  a  command  if  the  output  is  "NoEnemy,"  unless  otherwise  required. 

52  describes  the  battlefield  in  the  immediate  surroundings.  This  sector  is  monitored  by  at 
least  one  of  the  subordinates,  but  not  by  the  platoon  leader.  The  output  alphabet  of  S2  is  X2 
{Infantry,  NoInfantry},  where  "Infantry"  indicates  that  enemy  forces,  usually  infantry,  can  be 
detected  within  a  small  shooting  distance.  The  ouq>ut  "NoInfantry"  indicates  that  no  enemy 
groups  have  been  found. 

53  describes  the  air  cover.  This  sector  is  monitored  at  least  by  the  platoon  leader  and  the 
subordinate  which  is  not  in  charge  of  the  immediate  surroundings.  The  output  alphabet  of  S3  is 
(Chopper,  NoChopper},  because  helicopters  are  the  major  air  threats  for  tanks.  In  case  of  an  air 
threat,  the  subordinate  informs  the  platoon  leader  of  its  situation  assessment  and  waits  for  a 
command. 

The  set  of  simultaneous  observations  is  XI  x  X2  x  X3.  The  set  X  contains  eight  elements 
<Enemy,  Infantry,  Choppers,  <Enemy,  Infantry,  NoChoppcr>, 

<Enemy,  NoInfantry,  Choppei>,  <Enemy,  NoInfantry,  NoChopper>, 

<NoEnemy,  Infantry,  Choppei>,  <NoEnemy,  Infantry,  NoChopper>, 

<NoEnemy,  NoInfantry,  Chopper>,  <NoEnemy,  NoInfantry,  NoChoppet>. 

Those  elements  have  been  ordered  by  the  lexicographic  ordering.  They  have  been  abbreviated  in 
the  sequel  by  <E,  I,  C>,  <E,  I,  NC  >,  <E,  NI,  C  >,  <E,  NI,  NC  >,  <  NE,  I,  C  >, 

<  NE,  I.  NC  >,  <  NE,  NI,  C  >,  <  NE,  NI,  NC  >. 

Once  a  response  has  been  selected  each  role  gives  appropriate  commands  to  the  driver  and 
the  shooter  in  each  tank,  which  are  the  effectors  in  this  system.  The  requirements  for  the  system 
can  be  translated  as  follows.  Throughout  the  specifications  a  "#"  denotes  that  a  link  has  not  been 
specified,  i.e.  the  link  is  a  degree  of  freedom  of  the  design,  a  "I"  denotes  the  8  x  8  identity 
matrix,  i.e.  the  link  is  fixed,  and  a  "0"  denotes  the  8  x  8  null  matrix,  i.e.  the  link  has  been  ruled 
out  Platoon  leader  has  been  abbreviated  by  PL,  subordinate  1  by  Sbl,  subordinate  2  by  Sb2. 

Constraints  on  S 

The  matrix  S  is  a  3  x  3  block  matrix.  It  is  given  by 
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s  = 


PL  Sbl  Sb2 
I  I  I 
0  I  # 

LI  #  I. 


Sensor  1 
Sensor  2 
Sensor  3 


The  links  are  fixed  because  of  constraint  R7.  The  first  row  indicates  that  the 
battlefield  is  monitored  by  the  three  roles.  The  second  row  indicates  that  the 
inomediate  surroundings  are  not  monitored  by  the  platoon  leader,  that  they  are 
monitored  by  subordinate  1,  and  that  subordinate  2  may  or  may  not  monitor  the 
immediate  surroundings.  The  third  row  shows  that  the  air  cover  is  monitored  by  the 
platoon  leader  and  subordinate  2,  while  subordinate  1  might  or  might  not  look  for 
choppers. 


Constraints  on  s 

Each  role  has  to  send  a  command  to  some  effectors  over  all  set  of  inputs,  therefore  s 
is  given  by 


PL  Sbl  Sb2 
s=[I  I  I] 


Consuraints  on  F 

Subordinate  2  must  inform  the  platoon  leader  of  its  situation  assessment  in  case  an  air 
threat  is  detected.  The  set  of  inputs  that  activates  this  link  is  thus 
<C>  *  {  <E,  I,  C>,  <E,  NI,  C  >,  <  NE,  I,  C  >,  <  NE,  NI,  C  >}  and  the  set  of 
inputs  that  do  not  activate  the  link  is 

<NC>  =  {  <E,  I,  NC  >,  <E,  NI,  NC  >,  <  NE,  I,  NC  >,  <  NE,  NI,  NC  >} 

Therefore  the  variability  of  the  link  from  the  SA  stage  of  Subordinate  2  to  the  IF  stage 
of  the  Platoon  leader  is  described  by  the  8  x  8  matrix  LI 


1 

0 

0 

0 

0 

0 

0 

0 

<E.I.C> 

0 

0 

0 

0 

0 

0 

0 

0 

<E,I,NC> 

0 

0 

1 

0 

0 

0 

0 

0 

<E,NI.C> 

0 

0 

0 

0 

0 

0 

0 

0 

<E,NI,NC> 

0 

0 

0 

0 

1 

0 

0 

0 

<NE,I,C> 

0 

0 

0 

0 

0 

0 

0 

0 

<NE,I.NC> 

0 

0 

0 

0 

0 

0 

1 

0 

<NE,NI,0 

0 

0 

0 

0 

0 

0 

0 

0 

<NE,NI.NC> 
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No  other  constraints  on  the  sharing  of  situaticMi  assessment  have  been  fonnulated, 
thus  F  is 


F 


PL  Sbl 

fO  # 
#  0 
Lli  0 


Sb2 


PL 

Sbl 

Sb2 


Constraints  on  G 

No  constraints  on  G  have  been  stated  explicitly.  However  one  can  observe  that  the 
existence  of  the  links  from  Sensors  to  SA  stages  rules  out  those  links  (Constraint  R4). 
Therefore,  if  the  designer  has  entered  its  parameters  of  the  design  for  the  matrix  s  as 
described  above,  the  parameters  on  S  can  be  automatically  converted  into  the 
following  matrix  G.  The  omstraints  on  G  are  thus  as  follows 


PL  SblSb2 
0  0  0 
0  0  0 
LO  0  OJ 


PL 

Sbl 

Sb2 


Constraint  on  H 

No  constraint  on  the  interactions  between  the  RS  stages  and  the  IF  stages  has  been 
stated.  Nevertheless,  the  designer  wants  to  study  structures  in  which  no  response  can 
be  analyzed  by  the  subordinates.  The  constraints  on  H  become 


PL  Sbl  Sb2 


H 


0  #  # 
0  0  0 
0  0  OJ 


PL 

Sbl 

Sb2 


Constraint  on  C 

Several  constraints  that  have  been  expressed  are  translated  into  the  entries  of  matrix 
C  First,  the  platoon  leader  must  issue  a  command  to  both  subordinates  if  the  output 
of  SI,  the  main  battlefield  is  "Enemy."  Second,  the  platoon  leader  must  issue  a 
command  to  Subordinate  2  if  some  helicopter  is  detected.  Since  the  platoon  leader 
coordinates  the  mission  assigned  to  the  platoon,  it  is  assumed  that  both  subordinates 
cannot  issue  commands  to  the  platoon  leader.  However  each  subordinates  may  issue 
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commands  to  the  other.  The  constraint  on  the  matrix  C  can  thus  be  expressed  by 


C  = 


PL  Sbl  Sb2 

'O  L2  U’ 
0  0# 
Lo  #  0  J 


PL 

Sbl 

Sb2 


where  L2  describes  the  variability  of  the  link  from  PL  to  Sbl.  It  corresponds  to  the 
platoon  leader  issuing  a  command  to  Sbl  if  and  only  if  the  output  of  Sensor  1  is  E.  The 
partition  of  X  is  thus  A  =  <E>  and  8=  <NE> ,  the  only  effective  alphabet  is  XI  and  L2 
is  as  follows. 
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<NE.NLC> 
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.d«.NLNC> 

mm 

Matrix  L3  incorporates  the  variability  between  PL  and  Sb  2.  A  command  is  issued  to 
Sb2  if  and  only  if  Sensor  1  outputs  "Enemy”  or  Sensor  3  outputs  "Chopper."  Thus, 
the  set  of  inputs  that  activate  the  link  is  <E>  u  <C>  »  {  <£,  I,  O,  <E,  I,  NC  >, 
<E,  NI,  C  >,  <E,  NI,  NC  >,  <  NE,  L  C  >,  <  NE,  NI,  C  >)  and  the  set  of  inputs 
that  do  not  activate  the  links  is  <NE>  n  <NC>  =  {<  NE,  T  C  >,  <  NE,  NI,  NC  >}. 
It  must  be  noted  that  the  effective  alphabets  of  this  partition  are  XI  and  X3.  The 
matrix  L3  is  thus  as  follows 


L3 
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0  0  0  0  0 
1  0  0  0  0 
0  10  0  0 
0  0  10  0 
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<E.LC> 

^LNC> 
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<E.NI.NC> 

<NE.LC> 

<NE.I,NC> 

<NE.NI.C> 

<NE.NI,NC> 
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It  is  easy  to  show  those  constraints  on  a  CPN  model  of  the  system.  Figure  6.8  depicts  a 
model  of  the  variable  structure  platoon  command  and  control  system.  This  net  is  constructed  as 
shown  in  Qiapter  V.  To  facilitate  the  expression  of  the  constraints  on  the  graph,  a  link  that  has 
been  ruled  out  has  not  been  represented,  a  link  that  is  fixed  is  drawn  with  a  bold  line  and  without 
annotations,  and  a  link  that  is  variable  is  drawn  in  bold.  A  variable  link  is  annotated  by  the  matrix 
that  describes  its  activation  over  the  set  of  inputs.  Finally,  the  unspecified  links  have  been 
indicated  and  axe  drawn  with  plain  lines. 


Fig.  6.8  Colored  Petri  Net  of  the  User’s  Constraints 

Chapter  Vm  contains  two  detailed  applications  of  the  methodology.  In  the  next  chapter,  the 
set  of  solutions  to  the  design  problem  is  characterized. 
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CHAPTER  Vn 


SOLUTIONS  TO  THE  DESIGN  PROBLEM 


7.1  INTRODUCTION 

Table  7.1  summarizes  the  sets  and  notimis  that  have  been  introduced.  A  set  of  Well  Defined 
Variable  Structures,  V,  has  been  defined.  This  is  the  most  generic  set  as  far  as  variable  structures 
are  concerned.  It  is  partially  ordered  by  ACT  and  (V,  ACT)  is  a  lattice.  The  designers  express 
their  knowledge  about  the  system  within  the  framework  of  V,  by  imposing  the  constraints  Rp 
and  Re-  Structural  constraints  have  been  introduced  to  characterize  the  set  AV  of  WDFS  that 
makes  physical  sense,  the  Admissible  Variable  Structures.  This  set  is  partially  ordered  by  ACT, 
and  none  of  its  properties  have  been  stated.  A  solution  to  the  design  problem  is  any  AVS  that 
satisfies  the  user-defined  constraints  Rp  and  R^. 


Table  7.1  Mathematical  Framework 


Sets 

Ordering 

Pr(q)erties 

Ronaik 

V 

ACT 

Lattice 

Constraints 

RpandRc 

AV 

ACT 

7 

Solutions 

ACT 

? 

Solution 
=  AV  and 
RFandRc 

W 

SUB 

Lattice 

Constraints 

Rf 

AW 

SUB 

? 

Accessible 

patterns 
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In  order  to  use  the  language  and  the  results  from  the  work  on  fixed  structures,  a  set  W  of 
Well  Defined  Fixed  Structures  has  been  described.  This  is  the  most  generic  set  as  far  as  fixed 
structures  are  concerned.  The  connection  between  V  and  W  is  that  any  element  of  V  can  be 
represented  as  a  mapping  from  the  set  of  inputs  X  to  the  set  W.  Structural  constraints  on  V 
restrict  the  class  of  possible  mappings  to  those  from  X  to  the  subset  of  Admissible  Fixed 
Structures,  AW.  The  fixed  constraints  Rp  rule  in  or  rule  out  some  links  in  W.  This  chapter 
presents  some  properties  of  the  set  of  solutions.  First,  the  colored  constraints  are  analyzed  in 
section  7.2.  Then,  the  convexity  of  a  property  is  defined  in  section  7.3,  and  used  in  section  7.4 
to  characterize  the  WDVS  that  satisfy  all  constraints  except  constraint  RIO.  Constraint  RIO  is 
smdied  in  detail  in  section  7.5,  and  yields  a  specification  of  a  class  of  solutions. 

7.2  COLORED  CONSTRAINTS 

7.2.1  CoiTclation  of  Activations 

Suppose  that  the  designer  specified  the  variability  of  k  links  L^,...,  L^.  Each  link  Lj  induces 
a  partition  of  X  into  two  subsets,  AQ,  the  inputs  that  activate  the  link,  and  DC^,  the  inputs  that 
do  not  activate  the  link.  The  activations  of  these  links  are  not  independent  If  a  Unk  L  is  activated 
by  the  elements  of  AC,  and  another  link  L’  is  activated  by  the  elements  of  AC',  then  the  fixed 
functional  structure  associated  with  each  input  in  AC  rt  AC  must  have  both  fixed  links  L  and  L, 
the  data  flow  structure  associated  with  every  input  in  DC  n  AC  must  have  the  fixed  link  L'  but 
not  the  fixed  link  L,  the  fixed  functional  structure  associated  with  every  input  in  AC  n  DC  must 
have  the  fixed  link  L  but  not  the  fixed  link  L”,  and  the  data  flow  structure  associated  with  each 
input  in  DC  o  DC  must  not  have  the  fixed  links  L  and  L*.  The  correlation  of  the  activations  is 
analyzed  with  the  properties  introduced  in  Definition  7.1. 

Definition  7.1 

Let  E  be  any  WDFS.  For  i  in  [l.Jc],  the  properties  R^®  and  R^*  are  defined  by 
R^^  (£)  is  true  if  and  only  if  £  contains  the  fixed  link  L^. 

(E)  is  true  if  and  only  if  E  does  not  contain  the  fixed  link  Lj. 

Note  that  for  any  i  and  any  E,  either  R^o  (E)  or  R^i  (E)  hr'is.  Rj®  and  Rj*  define  a  partition 
of  W  into  two  subsets,  Wj®,  the  set  of  WDFS  for  which  R^®  holds,  and  W^^  the  set  of  WDFS 
for  which  Rj^  holds.  From  the  definition  of  ACj  and  DCj,  one  infers  Proposition  7.1. 
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Proposition  7.1 

For  any  H  in  V,  and  any  i  in  [l..k],  11  describes  the  variability  of  the  link  Lj 
if  and  only  if 

•  V  X  in  AQ  n(x)  belongs  to  Wj^ 

•  V  X  in  DQ  n(x)  belongs  to  WjO 

Schematically,  Proposition  7.1  is  illustrated  by  Figure  7.1. 


Fig.  7.1  Ginstraint  on  Mapping 


The  set  of  inputs  X  is  divided  into  two  subsets,  as  is  the  set  W.  The  inputs  that  activate  the 
variable  link  L  (the  inputs  in  AC)  must  be  assigned  to  fixed  structures  that  contain  the  fixed  link 
L  (fixed  structures  in  W^),  and  the  inputs  that  do  not  activate  the  variable  link  L  (the  inputs  in 
DQ  must  be  assigned  to  fixed  structures  that  do  not  contain  the  fixed  link  L  (fixed  structures  in 
WO).  The  fact  that  the  activation  of  links  is  correlated  is  illustrated  in  Figure  7.2.  There  is  no 
reason  to  believe  that  the  variability  of  the  links  induces  the  same  partitions  of  X  and 

W.  One  must  thus  consider  the  intersection  of  these  partitions  to  keep  track  of  the  constraints  on 
the  mappings,  as  described  in  Proposition  7.2. 


Proposition  7.2 

A  WDVS  n  describes  the  variability  of  any  link  Lj ,  i  in  [l..k], 
if  and  only  if 

(ii . ik  >  “  {O’  ^  <  i  . ,  vAC.  )  n (.  .  DC  ) 

n(x) belongs  to  (  .  ,0  ,  .  ^  .  n^i  v  ^ 
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Fig.  7.2  Correlation  of  Colored  Constraints 


Proof: 

The  colored  constraints  induce  k  partitions  of  the  set  of  inputs  into  AQ  and  DCj, 
and  k  partitions  of  W  into  and  W^j.  Thus, 

•  the  set  of  inputs  is  partitioned  into  the  subsets 

^i,.o?j.l.j.DCi,)wiIli  (i,, ....  i, ) in  (0,  1)‘ 

•  the  set  of  fixed  structures  is  partitioned  into  the  subsets 
w!  )  n  ( 

‘j 

and  by  Proposition  7.1,  any  element  w  ( ^  AC  )  ^  DCj  )  is  assigned 


<  ^  <  i.-o.H.n  J  ™«h(iu...i,)in  (0. 1)' 


to  an  element  of  (  n  w!  )  n  (  .  n  W°  ). 

•j-l  ‘j  »j  =  0  ‘j 


Example  7.1: 

Suppose  that  a  system  has  two  sensors,  whose  alphabets  are  XI  s  (A,  B,  C}  and 
X2  =  {U,  V}.  Suppose  that  the  colored  constraints  apply  to  two  links  LI  and  L2, 
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and  ACi  =  {<A>},  DQ  =  {<B>  u<C>  ),  AC2  =  )*  ^^2  =  {<V>}.  Then, 

•  Any  element  of<A>  n<£/>={  <A,  U  >  }  must  be  assigned  to  an  element 
of  W^i  n  WI2. 

•  Any  element  of  <  A  >  n<V>  =  {<A,  V  >}  must  be  assigned  to  an  element  of 
WiinW02. 

•  Any  element  of  (<J5>  u  <C>  )  n  <  U  >  =  [<B,  \J  >,  <C,  U>}  must  be 
assigned  to  an  element  ofW^inW^. 

•  Any  element  of  (<B>  u  <C>  )  n  <  V>  =  {<B,  V  >,  <C,  V>}  must  be 
assigned  to  an  element  ofW®ir>W®2* 

Note,  however,  that  some  subsets  ( .  n  AC.  )  n  ( .r»  DC.  )  can  be  empty. 

1.  *  1  *:  1. « 0  *: 

J  J  i  ‘ 

An  empty  intersection  does  not  impose  any  constraint  on  the  mapping,  and  can  thus  be  ignored. 
In  the  rest,  only  the  non-empty  intersections  are  considered.  To  keep  the  notations  simple,  it  is 
assumed  that  there  are  m  such  intersections,  EX^  i  in  [l..m],  which  are  called  the  elementary  sets 
of  inputs.  Each  element  in  EXj  must  be  assigned  to  an  element  of  WS  where  W‘  is 

(  n  w!  )n(  n  W? )  for  some  appropriate  (i  1,  ii.)  in  {0,1 
ij-l  b  ij-O  b 

7.2.2  Solutions  of  Colored  Constraints 

Any  mapping  such  that  EXj  — >  EX„ — >  W“  satisfies  the  colored  constraints. 

However,  this  thesis  characterizes  only  one  class  of  solutions,  as  expressed  by  Assumption  7.1. 

Assumption  7.1 

Within  the  scope  of  this  thesis,  only  mappings  that  assign  all  elements  of  EX^  to  the  same 
fixed  structure  inW‘  are  considered. 

Example  7.2: 

A  solution  to  the  design  problem  of  example  7.1  is  thus  a  mapping  such  that 

•  <A,  U  >  is  assigned  to  an  element  of  n  WI2  » 

•  <A,  V  >  is  assigned  to  an  element  of  n  W®2. 2? 

•  <B,  U  >  and  <C,  U>  are  both  assigned  to  the  same  in  W®i  r>  Wi2- 

•  <B,  V  >  and  <C,  V>  are  both  assigned  to  the  same  in  W®i  n  W®2. 
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This  assumption  proceeds  from  one  main  consideration,  which  is  the  need  for  a  WDVS 
whose  support  has  a  minimal  number  of  elements.  By  describing  the  variability  of  k  links,  the 
user  imposes  certain  correlations  (different  W*and  EXj).  It  has  been  noted  that  are 

distinct  subsets  of  W.  Therefore,  the  ranges  in  W  of  EXx,..,  EX„  are  distinct,  and  there  are  at 
least  m  distinct  fixed  structures  in  the  support  of  every  WDVS  that  satisfy  the  colored 
constraints.  Assumption  7.1  restricts  the  scope  of  this  study  exactly  to  the  WDVS  with  m 
elements.  The  hypothesis  is  that  the  coordination  of  a  minimal  numb^  of  fixed  structures  is 
easier  than  the  coordination  of  a  large  number  of  fixed  structures.  (See  Proposition  7.20  for  a 
mathematical  expression  of  that  statement).  This  thesis  characterizes  the  solutions  that  correspond 
exactly  to  the  degree  of  correlation,  as  detined  by  the  size  of  the  support,  that  is  introduced  by  the 
designer.  Proposition  7.2  and  Assumption  7.1  are  summed  up  by: 

Proposition  7.3 

Any  WDVS  that  satisfies  the  colored  constraints  and  Assumption  7.1  is  characterized  by 
m  Well  Defined  Fixed  Structures  E^...  ,2'“, 

where  m  is  the  number  of  non  empty  effective  sets  of  inputs.  The  effective  set  EX^  is 

attached  to  ES  for  any  i  in  [l..m]. 

In  the  rest  of  this  subsection,  some  consequences  of  Proposition  7.3  are  stated.  They  relate 
Proposition  7.3  to  properties  of  the  fixed  structures  in  the  support  of  a  WDVS. 

Proposition  7.4 

Let  n  and  11'  be  two  WDVS  that  satisfy  the  colored  constraints 

nAcrn' 

if  and  only  if 

for  any  i  in  [l..m],  E‘  SUB  E'*. 

Proof: 

Subsection  4.4.  noted  that  11 ACTT 11’  if  and  only  if  V  x  in  X  IKx)  SUB  n'(x). 

This  is  equivalent  to  stating  that  for  any  i  in  [l..m]  and  for  every  x  in  EX^ , 
n(x)  SUB  n'(x),  with  n(x)  =  Ei  and  Il’fx)  =  E-i  Q.E.D. 

In  other  words,  IT  ACT  11'  if  and  only  if  the  data  flow  structure  that  describes  the 
processing  of  the  elementary  set  of  inputs  EXj  in  11  is  a  subnet  of  the  corresponding  data  flow 
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structure  in  11'.  It  is  equivalent  to  work  with  the  partial  ordering  ACT  on  V,  or  to  work  with  the 
partial  ordering  SUB  in  the  k  distinct  subsets  W*.  i  in  [l.Jc].  This  result  is  used  later  on  to 
characterize  the  AVS  that  satisfy  the  user-defined  constraints. 

Proposition  7.5 

Let  n  be  a  WDVS  that  satisfies  Rc,  EXj, ....  EX„  be  the  effective  alphabets,  and  L  be  any 
link  in  n. 

The  subset  of  inputs  that  activates  the  link  L,  AC,  belongs  to  the  lattice  polynomial 
generated  in  the  lattice  of  all  subsets  of  X  by  EX^, ...,  EXgi,  by  constructing  all  possible 
unions  and  intersections  of  the  disjoint  sets  EX^, .,  E^. 

Note  that  the  lattice  polynomial  generated  by  a  finite  number  of  elements  of  a  lattice  is 
introduced  in  Definition  3.9.  This  sublattice  is  denoted  by  L(  EXj, EX^. 

Proof: 

Let  L  be  a  variable  link  of  a  WDFS  tiiat  satisfies  the  colored  constraints.  Let  I  be 
{i  in  [l..m]  s.t  L  is  present  in  E> },  which  might  be  the  empty  set  By  definition,  the  set 
of  inputs  that  activate  the  link  is  u  j  iaj  EX^,  which  belongs  to  L(EXj, EX^. 

Proposition  7.5  is  important  because  the  sublattice  l^EXj, EX^  is  valid  for  any  link. 
Therefore,  a  practical  implementation  of  the  metiiodology  need  not  recompute  the  values  that  can 
be  taken  by  AC  for  every  link.  A  lot  of  con^)uting  time  can  be  saved  by  determining  the  lattice 
L(EXi, EX^  once  and  for  all,  and  translating  it  into  a  lattice  of  matrices  that  appropriately 
describe  the  activation  of  the  links,  as  discussed  in  Chapters  V  and  VI. 

7.3  CONVEXITY 

Section  7.2  described  some  relationships  between  the  colored  constraints  and  the  set  of 
solutions  to  the  design  problem.  In  order  m  characterize  the  set  of  solutions,  an  extensive 
investigatitm  ci  the  interactions  between  the  constraints  and  the  partial  mxlerings  ACT  and  SUB 
must  be  performed.  The  notion  of  convexity  is  one  appnqniate  mathematical  tool  to  be  applied. 

Definition  7.2 

Let  A  be  a  set,  R  be  an  ordering  of  A.  If  xj  and  are  two  elements  such  that  x^  R  X2, 
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the  interval  [  Xj,  X2  ],  if  it  exists,  is  defined  to  be  the  subset  A’  of  A  such  that  every  x  in  A' 

satisfies  x^  R  x  R  X2. 

Definititm  7.3 

Let  Y  be  a  subset  of  the  partially  txdered  set  A.  Y  is  said  to  be  convex  if  and  (Xily  if 

^ (y^ y2) ®  ( yi  R y2 )  ( iVv 

For  example,  the  set  of  real  numbers  with  the  ordering  ^  is  a  convex  set.  Note  that  the 
convexity  is  a  property  that  is  specific  to  the  subset  Y.  It  is  possible  to  have  a  Y  that  is  a  convex 
subset  of  a  non  convex  set  A.  Reciprocally,  a  convex  set  can  have  non  convex  subsets.  Much 
study  has  been  devoted  to  convex  subsets  because  they  have  the  unique  property  of  being 
completely  determined  by  their  minimal  and  mayimal  elements,  as  indicated  by  Proposition  7.6. 
Minimal  and  maicimal  elements  of  a  partially  ordered  set  have  been  introduced  in  Chapter  IH 

Proposition  7.6  (Birkhofi) 

Let  Y  be  a  ccxivex  subset  of  a  set  A.  Then 

•  "x  belongs  to  Y"  is  equivalent  to 

•  **x  is  a  minimal  element  of  Y"  or  "x  is  a  maximal  element  of  Y"  or 

'3  (xj,  X2),  where  x^  is  a  minimal  element  in  Y,  and  X2  is  a  maximal  element  in  Y,  such 
that  Xj  R  X  R  X2". 

If  a  set  is  convex,  its  structure  can  be  assessed  with  three  simple  sets  of  tools,  a  partial 
ordering,  a  set  of  minimal  elements  and  a  set  of  maximal  elements.  Any  element  that  is  below  one 
maximal  element  and  above  one  minimal  element  belongs  to  the  set  There  is  no  need  for  an 
extensive,  and  possibly  combinatorial,  description  of  all  the  dements.  The  issue  of  finding 
convex  subsets  in  the  set  of  WDVS,  V,  appears  quite  important,  because  convexity  allows  us  to 
describe  exactly  subsets  of  V  without  encountering  a  combinatorial  computational  problem.  In 
that  case  the  designer  can  be  given  the  set  of  solutions  within  minimal  computing  requirements. 
Boolean  properties  are  ccxisidoed  to  tackle  rigorously  this  goal  A  Boolean  property  on  a  set  A 
is  a  proposition  P(x)  that  either  holds  (is  equal  to  1)  or  does  not  hold  (is  equal  to  0),  for  any  x  in 
A.  Let  P(A)  be  the  set  of  elements  of  A  such  that  P(x)  holds.  If  A  is  a  partially  ordered  set,  there 
exist  P„„  (^)>  ^  maximal  elements  of  P(A),  and  P„in  (A),  the  set  of  all  minimal 

elements  of  P(A). 
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Defimdoa  7.4 

A  Boolean  property  P  is  said  to  be  convex  with  respect  to  the  partial  ordering  R  if  and 
only  if  P(  A)  is  convex. 

Proposition  7.7 

a  Boolean  property  P  is  convex  and  verified  by  at  least  one  element  then 
P(A)  =  {  X  in  A  S.L  tfiere  exist  Xi  in  PmmCA)  and  X2  in  P^^iCA)  and  Xj  R  x  R  X2  } 

Proposition  7.7  is  a  direct  consequence  of  Proposition  7.6,  and  is  important  because  it 
indicates  that  a  set  of  elements  that  fulfills  a  convex  property  is  uniquely  determined  by  the 
boundary  elements  of  that  set  Here  again,  one  can  gain  substantive  insights  into  a  set  by 
reducing  a  combinatorial  description  of  all  the  elements  that  verify  the  pr(^)erty  into  a  description 
of  the  minimal  and  maximal  elements  of  that  set  Within  the  scope  of  this  thesis,  elements  of  A 
that  may  simultaneously  satisfy  several  ccxivex  inopeities  must  also  be  characterized. 

Proposition  7.8 

The  intersectiai  of  two  convex  sets  is  a  convex  set 
Proof: 

Let  A  and  B  be  two  convex  sets.  If  A  and  B  have  no  elements  in  common,  then 
dieir  intersection  is  the  empty  set  which  is  trivially  a  cmivex  set 
Let  us  suppose  that  their  intersection  is  non  empty.  Let  x  be  an  element  of  the 
intersection.  If  x  is  minimal  or  maximal  in  the  intersection,  the  proof  is  done. 
If  X  is  neither  maximal  nor  trtinimal  in  the  intersection,  there  exist  two  elements  in  the 
intersection  x^  and  X2  s.t  x^  R  x  R  X2.  Because  of  the  convexity  of  A  and  B,  x  covers  x^ 
and  X2  covers  x.  The  proof  proceeds  inductively  on  x^  and  X2. 

Therefore,  the  set  of  elements  of  A  that  simultaneously  satisfy  several  convex  properties  is 
uniquely  characterized  by  its  boundaries.  This  result  has  some  drawbacks,  however.  Suppose 
that  there  are  j  convex  properties  Pi,..,  Pj.  Each  set  Pj(A)  is  determined  by  its  boundaries,  but 
there  are,  in  general,  no  direct  relationships  between  minimal  and  maximal  elements  of  the 
intersection  rtjPjCA)  and  minimal  and  maximal  elements  of  each  Pj(A).  Nevertheless,  if  (A,  R) 
is  a  lattice.  Proposition  7.9  holds. 
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Proposition  7.9 

Let  (A,  R)  be  a  lattice.  Let  P,  F  be  two  convex  properties,  and 

”  {yi»***»  Yp}*  “  {^l»  ”  {Wj,..,  W|}. 

•  (P  and  P')inm  (A) » s®*  of  minimal  elements  satisfying  P  and  F  is  included  in  the  set 
of  the  joins  of  the  elements  of  Pnun(A)  and  P’nunCA):  {  u  Wjli^  j  a  (P  and  F)^^  (A). 

•  (P  and  PQm.itCA),  the  set  of  maximal  elements  satisfying  P  and  F  is  included  in  the  set  of 
the  meets  of  the  elements  of  Pnuui(A)  and  Fm„(A):  {x^  n  Zmlk,  m  2  (P  P)max  (A). 

Proof: 

If  X  is  an  element  of  A  that  verifies  P  and  P'  then, 
yi  R  X  R  x^,  with  yj  in  Pmin(A),  Xj^  in  Pm„(A) 

Wj  R  X  R  z^,  with  Wj  in  P'min(A).  Zm  “  P'max(A). 

Thus,  by  definition  of  the  meet  and  the  join,  y|  u  Wj  R  x  R  x^  n  z^,.  Therefore,  any 
element  of  (P  and  P*)  (A)  lies  above  a  meet  of  minimal  elements  and  below  a  join  of 
nuncimal  elements.  Note  that  all  meets  and  joins  might  not  be  minimal  and  maximal 
elements  of  the  intersection. 

On  the  other  hand,  if  no  yi ,  Wj,  x^,  z„  verify  (yj  u  Wj)  R  x  R  Xjt  n  z^,  then 
(P  and  F)(A)  is  empty,  and  if  some  yi ,  Wj,  Xy^,  z^  verify  yj  uwj  R  x  R  xj.  n  z^  then 
yj  u  Wj  and  x^  n  z,„  belong  to  (P  and  POCA),  and  are  thus  boundaries  of  (P  and  F)(A). 

Prcq)ositi(xi  7.9  is  more  important  practically  than  theoretically.  From  the  theoretical  pomt  of 
view,  knowing  that  an  intersection  of  convex  sets  is  convex  is  the  substantive  result.  In  a 
practical  implementation,  however,  it  is  difficult  to  compute  rapidly  the  minimal  and  maximal 
elements  of  an  intersection  of  several  convex  sets.  Proposition  7.9  indicates  that  working  in  a 
lattice,  which  is  the  case  in  V  and  W,  eases  the  computation,  because  of  the  simple  relationship 
between  minimal  and  maximal  elements  of  the  Intersection  and  the  boundaries  of  the  convex  sets. 

7.4  aL\RA(nERIZATION  OF  THE  CONSTRAINTS 

This  section  applies  the  results  of  7.3  to  characterize  the  constraints.  A  solution  to  the 
design  problem  is  a  WDVS  such  that  Rl,  R2,  R3,  R4,  R5,  R6,  R7,  R8,  R9,  RIO,  Rp,  Rc.  and 
Assumption  7.1  are  satisfied.  Each  of  these  constraints  is  a  Boolean  property,  because  a 
constraint  is  either  fulHlled  or  violated  by  a  WDVS.  However,  some  constraints  have  been 
expressed  in  the  language  of  the  set  W,  while  others  have  been  expressed  in  the  language  of  the 
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set  V.  The  constraints  on  the  set  W  arc  analyzed  first  They  yield  a  characterization  of  the  set 
AW.  Then,  this  result  is  combined  with  the  constraints  on  V,  except  RIO. 

7.4.1  Constraints  R2,  R3,  R4,  R5 

The  constraints  R2,  R3,  R4,  R5  have  been  expressed  as  constraints  in  W.  They  do  not  pose 
any  problems  as  far  as  convexity  is  concerned,  as  indicated  by  Proposition  7. 10. 

Proposition  7.10 

The  constraints  R2,  R3,  R4,  R5,  are  convex  in  W  for  the  partial  ordering  SUB. 

Proof: 

R2  If  the  fixed  structure  L’  is  depicted  by  an  acyclic  Ordinary  Petri  Net,  then  any 
subnet  of  that  Petti  Net  is  acyclic. 

R3  If  there  is  at  most  one  link  from  the  RS  stage  of  one  role  i  to  another  role  j  in  a 
fixed  structure  £',  then  each  fixed  structure  £  such  that  £  SUB  £'  has  fewer 
interactions  than  £*.  In  particular,  there  is  at  most  one  link  from  the  RS  stage  of 
(me  role  i  to  another  role  j  in  £'.  £  satisfies  constraint  R3. 

R4  If  the  SA  stage  of  each  role  in  a  fixed  structure  £'  receives  either  observations 
from  the  sensors  or  one  and  only  one  response  sent  by  some  other  role,  then  each 
fixed  stmcture  £  such  that  £  SUB  £  has  fewer  interactions  than  £’,  and  receives 
either  sensors'  observations  or  at  most  one  response  sent  by  some  other  role.  £ 
satisfies  constraint  R4. 

R5  If  a  fixed  structure  £'  does  not  have  one  link  from  the  SA  stage  of  role  i  to  the 
IF  stage  of  role  j  and  one  link  frcxn  the  RS  stage  of  role  i  to  the  S  A  stage  of  role  j, 
then  each  fixed  structure  £  such  that  £  SUB  £’  has  fewer  interactions  than  £', 
and  cannot  have  one  link  from  the  S  A  stage  of  role  i  to  the  IF  stage  of  role  j  and 
one  link  from  the  RS  stage  of  role  i  to  the  S  A  stage  of  role  j.  £  fulfills  R5 

7.4.2  Constraints  Rl,  Rp 

Constraint  Rl  has  to  be  investigated  to  characterize  AW.  The  problem  is  that  Rl  is  not 
convex.  It  is  possible  to  break  the  connectivity  of  a  fixed  stmcture  by  removing  a  fixed  link  as 
well  as  by  adding  a  fixed  link.  This  happens,  for  example,  if  a  link  that  is  added  to  the  fixed 
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structure  originates  from  a  transition  of  the  current  net  but  does  not  terminate  at  a  transition  that 
was  previously  in  the  net.  In  that  case,  a  transition  without  output  place  is  created,  which  violates 
Rl.  Figure  7.3  describes  a  sequence  in  which  R1  is  fulfilled,  violated,  and  fulfilled  again  by 
successively  adding  two  fixed  links. 

Fortunately,  the  theory  of  fixed  structure  systems  has  already  characterized  the  fixed 
structures  that  satisfy  Rl  (Remy,  1986).  These  results  can  be  formulated  within  the  context  of 
this  thesis  once  the  Universal  Net  is  introduced.  This  notion  is  related  to  the  fixed  constraints  Rp, 
the  set  of  links  that  have  been  ruled  in  or  ruled  out  for  any  AFS.  Recall  that  the  designer  can  rule 
in  or  out  some  fixed  links  by  putting  Os  and  Is  in  (S,  s,  F,  G,  H,  C),  the  generic  representation 
of  an  element  of  W. 
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Fig.  7.3  Successive  Fixed  Structures 


Definition  7.5 

The  Universal  Net  ZU  is  the  WDFS  obtained  by  replacing  the  undetermined  elements  of 

(S,  s,  F,  G,  H,  Q  by  1. 

In  other  wmds,  ZU  is  a  fixed  structure  that  contains  all  the  interactions  that  have  not  been 
ruled  out  ZU  is  associated  with  an  Ordinary  Petri  Net  which  contains  all  the  admissible  links  in 
the  structure,  and  which  is  a  marked  graph  if  the  external  place  and  the  sink  are  merged  in  one 
single  place  (Propositions  5.9  and  subsection  6.2.2).  From  Theorem  2.4,  the  simple  information 
flow  paths  of  ZU  are  the  S-components  associated  with  the  minimal  support  S-invariants  of  the 
net  that  contain  the  external  place.  Each  simple  information  flow  path  is  a  subnet  of  ZU,  and  is 
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thus  an  element  of  W. 


Proposition  7.11  (Remy) 

A  WDFS  £  satisfies  constraints  R1  and  Rp 

if  and  only  if 

£  belongs  to  the  lattice  polynomial  generated  by  the  simple  information  flow  paths  of  £U 

which  is  equivalent  to 

£  is  a  meet  of  simple  infoimadon  flow  paths  of  the  Universal  Net  £U. 

Recall  from  Definition  3.9  that  the  lattice  polynomial  generated  by  the  simple  information 
flow  paths  of  £U  is  the  set  of  all  WDFS  that  are  computed  by  performing  join  and  meet 
operations  on  the  simple  information  flow  paths.  Proposition  7.11  has  several  important 
implications. 

First,  it  shows  that  one  goes  from  a  fixed  structure  to  a  fixed  structure  that  is  immediately 
above  by  adding  a  simple  information  flow  path  instead  of  a  link.  The  elementary  blocks  from 
which  connected  fixed  structures  can  be  built  are  the  simple  information  flow  paths,  and  not  the 
links. 

Second,  it  applies  only  to  the  constraints  R1  and  Rp.  Consequently,  this  result  is  valid  in  W 
as  well  as  in  any  subset  of  W,  in  the  W*  i  in  [l..m]  for  example.  In  each  of  these  subsets,  the 
elements  that  satisfy  constraints  R1  and  Rp  must  be  the  meet  of  simple  infcnmation  flow  paths  of 
the  Universal  Net£U. 

Third,  the  AFS  that  satisfy  Rp  can  be  characterized,  as  formulated  in  Proposition  7. 12. 
Proposition  7.12 

£  is  a  WDFS  that  belongs  to  AW  ami  verifies  Rp  if  and  only  if 

•  £  lies  between  a  maximal  solution  and  a  minimal  solution: 

3  £}  and  £2  such  that  £1  SUB  £  SUB  £2 

£1  is  a  minimal  element  of  W  o  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  n  P(R5) 

£2  is  a  maximal  element  of  W  n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  n  P(R5) 

•  £  is  a  union  of  simple  information  flow  paths  of  £U,  the  Universal  Net 

Proof: 

The  first  part  comes  from  the  fact  that  R2,  R3,  R4,  R5  are  convex  constraints. 

The  second  part  is  Proposition  7.11. 
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These  results  must  be  combined  with  other  constraints  to  sort  out  the  set  of  variable 
structures  that  are  solutions  of  a  given  design  problem.  The  relationships  between  Proposition 
7. 12  and  the  colored  constraints  are  rirst  assessed. 

7.4.3  Colored  Constraints 

In  section  7.2,  the  colored  constraints  are  analyzed  using  the  set  of  Boolean  properties 
and  i  in  [1.  Jc].  These  binary  relations  are  defined  on  W,  and  verify  without  much  difficulty 
Proposition  7.13. 

Proposition  7.13 

For  any  i  in  [1  ..k],  R^®  and  R^^  are  convex  properties  in  W. 

Proof: 

If  an  Ordinary  Petri  net  £  is  such  that  £  i  SUB  £  SUB  £  2,  with  R^^  (£  j)  and  R^^^  (£  2) 
true,  then  any  link  that  is  absent  in  both  £  i  and  £  2  is  absent  in  £. 

ThusRi^(£)  holds  because  £  cannot  contain  the  link  Lj. 

If  an  Ordinary  Petri  net  £  is  such  that  £  1  SUB  £  SUB  £  2*  ^th  R|^  (£  and  RiH£  2 ) 
true,  then  any  link  that  is  present  in  both  £ ;  and  £  2  is  present  in  £. 

Thus  R}^  (£ )  holds  because  £  contains  the  link  L|. 

Remember  that  each  pair  of  binary  relations  R^^  Ri^*  i  in  [l..k],  defines  a  partition  of  W 
into  two  subsets  W^j  and  W^j.  Prc^sition  7.13  indicates  that  both  subsets  W^j  and  are 
convex,  and  that  any  intersection  of  W®i  or  with  an  other  convex  subset  of  W  is  convex. 

Proposition  7.14 

The  subsets  W*  i  in  [l..m],  defined  in  section  7.3,  are  convex  in  W. 

Phoof: 

Each  W*  is  some  (  nw!)n(  o  W?) 

ij-l  ij  i^-o  >, 

By  Proposition  7.13,  each  W®}  and  W*i  is  a  convex  set,  and  by  Proposition  7.8  the 
intersection  of  convex  sets  is  a  convex  set  Thus  the  claim. 
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Proposition  7. 14  has  many  implications. 

•  It  shows  that  any  is  completely  determined  by  its  minimal  and  maximal  elements. 

•  As  R2,  R3,  R4  and  R5  are  convex,  the  intersection  of  each  with  the  set  of 
WDFS  that  satisfies  R2,  R3,  R4,  R5  is  convex.  Each  into'section  is  uniquely  determined 
by  j}>  the  set  of  minimal  elements  and  {£>2,  k  )>  the  set  of  maximal  elements. 

•  Finally,  it  indicates  that  the  intersection  of  each  W‘  with  the  set  of  all  AFS  that 
satisfy  Rp  verifies  Proposition  7.15. 

Proposition  7.15 

For  each  i  in  [l..m],  £  is  a  WDFS  that  belongs  to  AW,  W‘  and  verifies  Rp  if  and  only  if 

•  £  lies  between  a  maximal  solution  and  a  minimal  solution: 

3  and  1*2  such  that  SUB  £  SUB  £*2 

£*1  is  a  minimal  element  of  W  n  W‘  n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  n  P(R5). 

£‘2  is  a  maximal  element  of  W  n  Wt  n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  n  P(R5). 

•  £  is  a  union  of  simple  information  flow  paths  of  £U,  the  Universal  Net. 

These  results  on  W  can  be  translated  into  properties  on  V.  The  combination  of  Propositions 
7.15  and  7.3  yields  a  characterization,  illustrated  in  Figure  7.4,  of  the  WDVS  that  verify  R6, 
Rp,  Rc  and  Assumption  7.1. 


W  n  P(R1)  n  P(R2)  n  P(R3)  nP(R4)  n  P(R5)  n  P(Rp) 
Fig.  7.4  Assignment 


EX 


EX 


EX 
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Any  WDVS  that  verifies  R6,  Rp  and  R<;  and  Assumption  7.1  is  such  that 

•  The  set  X  is  partitioned  into  EXi,...,  EX„.  (Proposition  7.3) 

•  The  elements  of  each  subset  EXj  are  assigned  to  the  same  unique  fixed  structure  in 
W*  n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  n  P(R5),  whose  ordering  can  be  depicted  by  a 
Hasse  diagram  (Assumption  7.1).  In  W*n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  r»  P(R5), 
this  structure  lies  between  one  minimal  element  and  one  maximal  element 
(Proposition  7.15). 

EXj — >21^1  with  SUB  SUB  L^2.j2»—» 

EX„ — with  SUB  E™  SUBE^^^i^. 

•  In  each  W‘,  one  goes  from  a  fixed  structure  to  a  fixed  structure  that  is  immediately 
superior  by  adding  a  simple  information  flow  path  of  EU  (Proposition  7.15). 

This  thesis  now  turns  to  the  constraints  that  have  been  expressed  using  the  language  of  the 
set  V  exclusively. 

7.4.4  Constraints  R7,  R8,  R9 

These  constraints  do  pose  difficulties  as  far  as  convexity  is  concerned.  If  ITi,  112  H 
are  three  WDVS  such  that  IIi  ACT  11  ACT  IIi.  if  any  input  link  in  111  is  permanent  (FIi  verifies 
R7,  R8,  R9)  and  any  input  link  in  112  i*  pennanent  (112  verifies  R7,  R8,  R9),  then  11  may 
violate  one  of  the  constraints  R7,  R8,  R9.  This  happens  if  some  input  links  are  present  in  112  but 
not  in  Hi-  One  can  construct  a  WDVS  IT,  that  violates  one  of  the  constraints  R7,  R8,  R9,  by 
considering  IIi.  and  by  activating  an  input  link  that  is  present  in  112  but  not  in  IIi  for  some 
elements  of  X  only. 


Example  7.3: 

A  violation  of  constraints  R7,  R8,  and  R9  is  depicted  on  Figure  7.5.  A  series  of  variable 
structures  with  two  roles  and  two  sensors  is  presented.  In  each  structure,  the  links  that 
are  permanent  have  not  been  annotated.  XI  =  {A,  B)  and  X2  =  {U,  V)  are  the  output 
alphabets  of  the  sensors,  LI  is 


LI  = 


10  0  0 
0  0  0  0 
0  0  0  0 
0  0  0  0 


<A,  U> 
<A,  V> 
<B,  U> 
<B,  V> 
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Sensor  1 


Fig.  7.5  Violation  of  Constraints  R7,  R8,  R9 


The  structures  are  considered  from  top  to  bottom.  All  the  links  are  permanent  in  the 
first  structure.  This  first  structure  lies  above  a  structure  in  which  one  input  link  is 
variable.  This  intermediate  structure  is  itself  above  one  structure  in  which  all  links  are 
permanent.  The  first  and  the  third  structures  verify  constraints  R7,  R8,  R9,  whereas 
the  second  structure  violates  constraint  R7. 

The  convexity  of  the  constraints  is  destroyed  between  WDVSs  that  have  different  input 
links.  However,  Proposition  7.16  indicates  that  the  convexity  is  preserved  between  variable 
structures  that  have  the  same  input  links. 

Proposition  7.16 

Let  Ill.  n2  and  IT  be  three  WDVS  such  that  Hi  ACT  IT  ACT  n2* 

If  R7(ni)  =  R7(n2)  =  R8(ni)  =  R8(n2)  =  R9(ni)  =  R9(n2)=  tme  and 

if  every  input  link  in  112  activated  in  111,  then  R7(n)  =  R8(n)=  R9(n)  =  true. 


Proof: 

n  has  the  same  input  links  as  IIi  and  112.  which  satisfy  R7,  R8,  R9. 

Therefore,  the  input  links  in  FI  are  permanent  and  II  satisfies  R7,  R8,  R9. 

Note  that  the  input  links  of  a  variable  structure  are  permanent  if  and  only  if  they  are  present 
in  any  fixed  structure  in  the  support.  Proposition  7.16  shows  therefore  that  the  WDVSs  that 
satisfy  constraints  R7,  R8,  and  R9  are  characterized  by  their  input  links.  Each  combination  of 
input  links  corresponds  to  one  convex  set  of  those  WDVS  which  satisfy  R7,  R8  and  R9. 

7.4.5  Partial  Characterization 

Proposition  7.17 

Any  WDVS  that  satisfies  all  constraints  but  RIO  is  such  that 

=  EXj  with  (i?^)  =>  EXiO  EXj  =0. 

•  V  i  in  [l..m] ,  V  x  in  EXj 

•  3  2^1  and  2i2  in  n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  r>  P(R5) 

s.t  2^1  SUB  (IKx)  =  20  SUB  2^2 

and  s.t  2'i  and  2^2  have  the  same  input  links. 

•  2Ms  a  union  of  simple  information  flow  paths  of  2U,  the  Universal  Net 


Proof: 

The  first  statement  comes  from  Proposition  7.15.  The  first  part  of  the  second  statement 
comes  fiom  the  combination  of  Proposition  7.16  with  Proposition  7.15,  while  the  second 
part  comes  from  Proposition  7.15. 

Proposition  7.17  can  be  translated  instantly  using  the  characterization  of  the  WDVS  in 
matrix  form,  as  expressed  by  Proposition  7.18. 

Proposition  7.18 

n  is  a  WDVS  that  satisfies  aU  constraints  but  RIO  if  and  only  if 

•  The  set  of  inputs  of  X  that  activate  a  link  belongs  to  the  lattice  polynomial 
L(EXj,...  EXJ. 

•  n  is  bounded  by  at  least  one  minimal  element  and  one  maximal  element 

Ill  ACT  n  ACT  n2- 
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•  III  n2  have  the  same  input  links. 

•  The  support  of  the  CPN  representation  of  IT  is  a  union  of  simple  paths  of  ZU. 


Proof: 

The  first  statement  has  been  proved  already. 

One  minimal  element  can  be  constructed  as  follows,  by  assigning  to  every  element  of  EX^ 
a  minimal  fixed  stmcture  in  WS  Z^i. 

EXi  -->  Zii, ....  EX„--> 

One  maximal  element  can  be  constructed  as  follows,  by  assigning  to  every  element  of 
EXi  a  maximal  fixed  Structure  in  WS  1^2  same  input  links  as  Z^i. 

EXi  --->  ZI2.  EX„--">  2^2. 

For  any  assignment  that  satisfies  all  constraints  but  RIO 

EXi  — >  with  11 1  SUB  £1  SUB  . EX^ — >  ^  wilh 

I™!  SUB  1™  SUB  1”‘2-  This  implies.  Proposition  7.4  Hi  ACT  IT  ACT  n2- 
.  Finally,  the  Ordinary  Petri  Net  IKx)  is,  for  any  x,  a  union  of  simple  information  flow 
paths  of  lU,  thus  the  Support  of  the  representation  is  a  union  of  simple  information  flow 
paths.The  converse  is  obvious. 

Proposition  7.18  gives  significant  insights  about  the  set  of  solutions. 

•  A  solution  can  only  be  found  between  a  minimal  variable  structure  IIi  and  a  maximal 
variable  structure  II2.  These  variable  structures  have  the  same  input  links.  It  appears 
therefore  that  the  input  links  constitute  parameters  that  characterize  the  set  of  solutions 
to  the  design  probleoL 

•  Between  one  minimal  and  one  maximal  structure,  the  unit  leading  fiom  one  variable 
structure  IT  to  one  variable  structure  IT*  that  covers  this  structure  is  composed  of  a 
path  and  one  elementary  set  of  inputs  EX|  attached  to  it.  One  goes  from  IT  to  IT'  by 
performing  the  join  of  11  with  the  WDVS  whose  support  is  the  path,  and  in  which 
each  link  is  activated  by  the  elementary  set  of  inputs  EX^.  This  can  be  translated  in 
Petri  Net  terms  by  adding  the  path  to  the  graphical  support  of  the  Colored  Petri  Net 
that  represents  IT,  and  by  checking  that  all  inputs  that  belong  to  EXj  activate  the 
matrices  attached  to  the  arcs  that  belong  to  the  path,  i.e.,  that  the  set  of  inputs  EXj 
influences  all  the  processes  that  belong  to  the  simple  information  flow  path. 
Unfortunately,  all  such  WDVSs  may  not  be  solutions  to  the  design  problem  because  of 
Constraint  RIO. 
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Exanaple  7.4: 

Let  us  illustrate  the  results  that  have  been  obtained  so  far.  Suppose  that  there  are  two 
roles  and  one  sensor.  The  alphabet  of  the  Sensor  is  {A,  B,  C},  and  the 
decomposition  of  leads  to  EX^  =  {<A>} ,  EX2  =  {<B>,  <C>}. 

All  solutions  correspond  to  the  same  permanent  input  links,  one  link  from  the  sensor 
to  the  SA  stage  of  Role  1,  and  one  link  from  the  sensor  to  the  SA  stage  of  Role  2. 

n  P(R1)  n  P(R2)  n  P(R3)  r>  P(R4)  n  P(R5)  has  a  unique  maximal  element, 
represented  on  Fig.  7.6,  and  a  unique  minimal  element  represented  on  Bg.  7.7. 


Rg.  7.7  Minimal  Element  of 


W2  n  P(R1)  n  P(R2)  n  P(R3)  n  P(R4)  n  P(R5)  has  a  unique  maximal  element, 
represented  on  Fig.  7.8,  and  a  unique  minimal  element  represented  on  Bg.  7.9. 


Fig.  7.8  Maximal  Element  of 


Rg.  7.9  Minimal  Element  of 


There  is  one  and  only  one  minimal  variable  structure,  which  is  represented  on  Rg.  7. 10. 
To  make  the  notations  simple,  a  permanent  link  has  not  been  annotated.  The 
annotation  {A}  indicates  that  the  link  is  activated  by  <A>. 


Rg.7.10  Minimal  Variable  Structure 

Thoe  is  one  and  only  one  maximal  variable  structure,  which  is  represented  on  Rg.  7.1 1. 
The  unique  building  simple  information  flow  path  that  allows  one  to  go  from  the  minimal 
variable  structure  to  the  maximal  variable  structure  is  the  path  of  Fig.  7.12.  One  can 
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attach  any  element  of  L  ({<A>},{B,C})  =  {0,  {<A>},  {A,  B,  C) }  to  the  path. 

Fig.  7.13  depicts  an  intermediate  result,  in  which  {B,C}  is  attached  to  the  path. 


Rg.  7.11  Maximal  Variable  Stracture 


Rg.7.12  Building  Path 


Fig.  7.13  Intermediate  Variable  Structure 
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7.5  CONSTRAINT  RIO 


7.5.1  Problem  Definition 

Consider  some  minimal  variable  structure  IIi.  some  maximal  variable  structure  n2t  and 
some  variable  structure  11  that  lies  between  them  and  verifies  Proposition  7.18.  The  set  AC,  of 
inputs  that  activate  the  link  in  IT,  contains  the  set  ACl,  of  inputs  that  activate  the  link  in  IIi.  and 
is  contained  in  AC2,  the  set  of  inputs  that  activate  the  link  in  n2*  Proposition  7.18  states  that, 
for  any  element  A  of  L(EXi,..,  EX^)  between  ACl  and  AC2,  there  exists  some  variable 
structure  that  satisfies  all  constraints  but  RIO  such  that  AC  =  A.  However,  constraint  RIO 
indicates  that  a  partition  between  AC  and  DC  is  valid  if  and  only  if  the  effective  alphabets  of  the 
partition  are  accessible,  i.e.,  if  the  stages  have  enough  information  to  be  meaningfully 
coordinated.  There  are  two  problems.  The  first  comes  from  the  fact  that  the  set  of  effective 
alphabets  vary  irregularly  when  successive  elementary  sets  of  inputs  EXj  are  added  to  the  set  of 
inputs  that  activate  a  link.  The  second  is  the  fact  that  an  alphabet  can  be  effective  without  being 
accessible,  and  vice  versa.  These  two  mechanisms  are  very  powerful  for  eliminating  WDVSs  that 
satisfy  all  constraints  except  RIO,  but  whose  coordination  does  not  make  sense. 

Example  7.5: 

Suppose  that  there  are  two  alphabets,  Xj  -  {A,  B,  C}  and  X2  -  {U,  V},  and  that  the 
decomposition  of  Rc  yields  EXj  =  {  <A,  U>},  EX2  =  {<A,  V>},  and 
EX3  s  <B>  u  <C>.  If  a  link  can  vary  between  a  given  minimal  variable  structure 
and  a  given  maximal  structure  from  AC  »  0  to  AC  =  X,  the  two  following  sequences 
are  valid  sequences  for  AC. 

•  0,  EXi ,  EXj  u  EX2  »  <A>,  <A>  u  (<B>  u  <C>  )  =  X 

•  0,  EX3  =  <B>  u<C>,  EX3uEX2=<B>  u<C>  u<A,V>,  X. 

Over  those  two  sequences,  the  set  of  effective  alphabets  of  the  partition  has  an 
irregular  pattern. 

Over  the  first  sequence,  this  set  is  0,  (X^,  X2},  (X^ }  and  finally  0. 

Over  the  second  sequence,  this  set  is  0,  (Xi),  (X^,  X2)  and  finally  0. 

Now,  if  it  happens  that  X2  is  the  only  accessible  alphabet,  then  none  of  those 
sequences  are  allowed. 

This  example  shows  that  constraint  RIO  can  be  quite  stringent,  and  can  restrict  dramatically 
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the  number  of  solutions  to  the  design  problem,  as  compared  to  the  size  of  the  set  of  WD  VS  that 
satisfy  all  constraints  but  RIO.  A  practical  example  of  this  reduction  is  given  in  chapter  VH  One 
feels  immediately  that  this  reduction  in  size  can  have  both  positive  and  negative  effects.  On  one 
hand,  this  reduction  facilitates  the  computational  problem  and  any  implementation  of  the 
methodology.  Another  positive  effect  is  that  it  may  provide  the  designer  with  a  small  set  of 
solutions,  which  may  be  analyzed  more  thoroughly  than  if  the  set  of  solutions  were  large.  On  the 
other  hand,  this  reduction  in  size  may  interfere  with  the  probability  that  a  solution  exists,  because 
the  more  drastic  the  reduction,  the  less  likely  the  existence  of  a  solution.  Under  general 
assumptions,  it  caimot  be  proved  that  there  necessarily  exists  a  solution  to  the  design  problem. 
However,  some  valuable  insights  can  be  provided  into  constraint  RIO,  which  are  detailed  in  the 
next  subsection.  Hnally,  note  that  it  is  unlikely  that  this  reduction  in  size  is  just  an  artifact  of  the 
model.  RIO  is  a  constraint  that  enforces  one  coordination  mechanism.  RIO  describes  one 
approach  in  which  a  variable  interaction  is  valid  if  tiiis  variable  interaction  is  directly  related  to  the 
information  already  possessed  by  the  objects  of  the  system.  There  are  many  practical  and 
theoretical  reasons  to  believe  that  coordinating  the  activity  of  distributed  entities  is  very  difficult 
The  variable  structures  that  satisfy  all  constraints  but  RIO  are  created  by  taking  all  combinations 
of  fixed  dataflow  structures  in  m  different  sets.  It  would  be  very  surprising  if  an  arbitrary 
combination  were  to  achieve  a  valid  coordination. 

7.5.2  Partial  Ordering  EFF 

The  notion  of  accessible  patterns  has  been  introduced  in  Chapter  VI  to  deal  with  constraint 
RIO.  A  partial  ordering  must  be  defined  on  the  set  of  accessible  patterns  to  ease  the  analysis  of 
constraint  RIO. 

Definition  7.6 

Let  E,  E'  be  two  accessible  patterns.  The  binary  relation  EFF  is  defined  by 

•  EEFFE’  ifandonlyif 

•  Every  entry  of  E  is  included  in  the  corresponding  entry  of  E*. 

In  other  words,  E  EFF  E'  if  and  only  if  the  alphabets  that  are  accessible  in  E  are  accessible 
in  E'  for  each  link.  If  a  variable  structure  IT  has  an  accessible  pattern  E  and  IT'  has  an  accessible 
pattern  E',  each  link  in  IT'  has  access  to  at  least  as  many  sources  of  information  as  the 
corresponding  link  in  11.  The  partition  between  AC  and  DC  at  each  link  can  be  based  on  more 
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infonnati(m  in  IT'  than  in  IT.  Note  however,  that  this  does  not  imply  anything  about  the  effective 
alphabets  of  the  partition.  A  partition  is  valid  if  and  only  if  the  set  of  its  effective  alphabets  is 
included  in  the  set  of  accessible  alphabets,  but  there  are  no  reasras  that  force  the  set  of  effective 
alphabets  to  be  exactly  the  set  of  accessible  alphabets.  The  binary  relation  EFF  is  of  theoretical 
interest  because  of  Proposition  7.19. 

Proposition  7.19 

The  binary  relation  EFF  is  a  partial  ordering  of  the  set  of  all  accessible  patterns. 

Proof: 

The  relation  is  trivially  reflexive.  It  is  antisymmetric,  because  "is  included  in"  is 
antisymmetric  componentwise,  it  is  transitive  because  "is  included  in"  is  transitive 
con^nent-wise. 

The  goal  of  this  subsection  is  to  relate  properties  of  WDVS  and  the  ordering  of  their 
effective  patterns.  The  first  result  is  Proposition  7.20,  which  compares  the  intersection  of  two 
accessible  patterns  E  and  E',  to  E  and  to  E*. 

Proposition  7.20 

Let  E  and  E'  be  two  accessible  patterns,  then 
(EINTEO  EFF  E  and 
(EINTE')  EFF  E' 

The  proof  is  obvious  from  the  definition  of  INT,  Definition  6.3. 

This  simple  proposition  has  many  implications. 

•  First,  it  shows  that  the  accessible  pattern  of  a  variable  structure  shrinks  when  its 
support  contains  more  and  more  fixed  structures.  Indeed,  suppose  that  the  support  of 
a  variable  structure  contains  k  fixed  structures  and  corresponds  to  an  accessible 
pattern  E.  If  a  (k+l)-th  structure  £  is  added  to  the  support,  then  the  accessible 
pattern  becomes  E  INT  E(£) ,  with  (E  INT  E(£))  EFF  E.  The  level  of  information 
on  which  the  variability  can  be  based  gets  smaller,  and  so  does  the  number  of 
structures  that  verify  RIO. 

•  Second,  this  property  validates  to  a  certain  extent  Assumption  7.1.  By  choosing  to 
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generate  a  variable  structure  with  a  minimal  number  of  fixed  structures,  the  designer 
makes  sure  that  he  gets  the  largest  accessible  pattern  possible.  The  designer 
maximizes  the  possibility  that  a  solution  exists. 

•  Finally,  because  this  proposition  gives,  within  this  model,  a  mathematical  formulation 
of  the  intuition  that  if  a  structure  is  more  and  more  variable  (if  the  support  has  more 
and  more  fixed  structures),  it  becomes  more  and  more  difficult  to  coordinate  the  activities 
in  a  structure  (the  accessible  pattern  gets  smaller).  On  the  other  hand,  Proposition  7.21 
describes  a  mechanism  that  increases  effective  patterns. 

Proposition  7.21 

(2  SUB  2’)  impUes  E(2)  EFF  E(2*). 

Proof: 

Let  T  be  some  stage  (some  transition)  in  2.  If  an  alphabet  Xi  is  accessible  in  2  at  stage  T, 
there  exists  a  path  from  Sensor  i  to  T  in  the  Petri  Net  representation  of  2.  This  path  is 
also  present  in  2',  because  2  SUB  2'.  Therefore,  the  set  of  alphabets  that  are  accessible 
at  T  ih  2'  contains  the  set  of  alphabets  that  are  accessible  at  T  in  2.  Thus,  the  set  of 
alphabets  that  are  accessible  at  both  ends  of  any  link  in  2'  contains  the  set  of  alphabets 
that  are  accessible  at  both  ends  of  the  link  in  2. 

Proposition  7.21  indicates  that  the  effective  pattern  associated  with  a  fixed  structure  gets 
larger  if  some  connectivity  is  added  to  the  fixed  structure.  This  proposition  counterbalances  to  a 
certain  extent  Proposition  7.20.  It  shows  that  the  effective  pattern  of  one  variable  structure  can 
be  increased  by  adding  connectivity  to  the  fixed  structures  that  belong  to  its  support  Indeed  if 
each  fixed  structure  is  mote  connected,  the  effective  patterns  are  larger,  and  their  intersection,  the 
effective  pattern  of  the  variable  structure  is  larger.  As  far  as  solutions  to  the  design  problem  are 
concerned.  Propositions  7.17, 7.20  and  7.21  can  be  combined  into  Proposition  7.22. 

Proposition  7.22 

Let  n  be  a  WDVS  that  satisfies  proposition  7.17. 
n  ACT  11'  is  equivalent  to 

V  i  in  [l..m]  2*  SUB  2**  which  implies 

V  i  in  [l..m]  E(2i)  EFF  E(  2*4)  which  impUes 
E(n)  EFF  E(n'). 
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This  proposition  reflects  a  trade-off  between  activation  and  variability  in  a  variable  structure. 
If  each  interaction  in  a  variable  structure  is  activated  by  more  and  more  inputs,  each  object  in  the 
system  receives  more  and  more  information.  The  possibility  of  having  a  coordinated  variable 
pattern  of  interaction  is  thus  increased  (ECII)  increases).  On  the  other  hand,  adding  more  and 
more  inputs  in  AC  reduces  the  number  of  partitions  such  that  AC  contains  AC.  Therefore  by 
moving  up  from  a  minimal  variable  structure  to  a  maximal  variable  structure,  one  obtains  larger 
set  of  observations  on  which  to  base  a  partition  of  X  into  AC  and  DC,  while  having  less  and  less 
variable  structures  left  over  up  to  the  maximal  element 

Note,  however,  that  accessible  patterns  do  not  describe  all  links  in  the  system.  By 
definition,  an  accessible  pattern  describes  only  those  links  that  can  be  variable,  whereas 
Proposition  7.21  does  not  establish  any  distinction  between  links  that  can  be  variable  and  links 
that  can  be  permanent.  One  can  also  increase  the  accessible  pattern  of  a  variable  structure  by 
adding  permanent  links  in  the  structure,  between  the  sources  of  information  and  the  input  stages. 
There  are  thus  two  mechanisms  to  increase  the  amount  of  information  accessible  at  the  stages, 
increasing  the  access  to  the  sources  of  information,  or  increasing  the  exchange  of  information. 
The  problem  with  the  first  mechanism  is  that  it  may  create  conflicts  with  the  peifonnance  of  the 
roles.  The  problem  with  the  second  mechanism  is  that  it  restricts  the  numbo*  of  variable 
structures  that  are  solutions  to  the  design  problem.  Note,  finally,  that  increasing  the  sources  of 
information  means  moving  from  one  set  of  solutions,  characterized  by  some  permanent  input 
links,  to  some  other  set  of  solutions,  characterized  by  more  permanent  input  links.  On  the  other 
hand,  increasing  the  exchange  of  information  means  moving  up  from  the  minimal  variable 
structures  to  the  maximal  variable  structures  within  a  set  of  solutions  characterized  by  the  same 
permanent  input  links. 

Proposition  7.22  indicates  that  the  effective  pattern  of  a  variable  structure  is  increasing  fix)m 
a  minimal  element  to  a  maximal  element  One  can  thus  view  the  structure  of  the  set  of  solutions 
as  a  layering  of  partially  ordered  sets.  Each  layer  corresponds  to  variable  structures  that  have  the 
same  accessible  pattern.  Proposition  7.23  is  important  for  making  the  structure  of  these  layers 
precise. 

Proposition  7.23 

Let  E  be  some  accessible  pattern. 

The  set  of  all  variable  structures  such  that  Edl)  EFF  E  is  a  sublattice  of  V. 


143 


Proof: 

Let  L  be  a  link.  Even  by  relabeling  the  alphabets,  suppose  that  the  entry  corresponding 

to  L  in  E  is  {XI, Xk).  XI  =  {xli . xl|xii),..»  Xk  =  {xk2,...,  xk|Xk|}. 

If  Hi  and  112  two  WDVS  such  that 

Edii)  EFF  E  and  Edla)  EFF  E.  then,  by  definition  of  the  effective  alphabets 


ACj  = 


it  inll,  ikinik  “ 


with  II  included  in  [L.IXll],...,  Ik  included  in  [L.IXkl],  and 


AC2  = 


u 

it  inl'l. 


..  ik  in  I  Ic 


Xk^f>} 


with  ri  included  in  [L.IXll],...,  I*k  included  in  [L.IXkl]. 

The  definition  of  the  meet  of  two  structures  implies  that  a  link  is  activated  by  any  input 
diat  activates  L  in  IIi  and  IIi,  thus 


"meet  ni  Old  112 


it  in  Ilrtl  *1. _ ik  in  Iknl  Ic 


{<xl .j  >  } 


The  effective  alphabets  of  the  meet  belong  to  {XI, ..,  Xk),  because  AC  can  be  written  as 
a  union  of  the  equivalence  classes  of  the  relation  Ri i^,  as  introduced  in  Definition  4. 13. 
The  definition  of  the  join  of  two  structures  implies  that  a  link  is  activated  by  every  input 
that  activates  L  in  IIi  or  that  activates  L  in  Tl2>  thus 


AC  = 

join  m  and  112 


{<xl. 


Ifere  again,  the  effective  alphabets  of  the  join  belong  to  {XI, ..,  Xk],  because  AC  can  be 
written  as  a  union  of  the  equivalence  classes  of  the  relation 


Proposition  7.19  indicates  therefore  that  each  layer  between  a  minimal  element  and  a 
maximal  element  of  Proposition  7. 18  corresponds  to  the  intersection  of  a  sublattice  with  a  convex 
set  This  intersection  is  thus  characterized  by  its  minimal  and  maximal  elements,  and  the  building 
block  that  allows  advancing  from  (me  structure  to  a  structure  that  covers  it 
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7.6  CHARACTERIZATION  OF  THE  SOLUTIONS 


The  successive  propositions  that  characterized  the  set  of  solutions  to  the  design  problem  can 
be  summarized  in  a  single  proposition. 

Proposition  7.24 

n  is  a  WDVS  that  satisfies  all  constraints  if  and  only  if 

•  The  graphical  support  of  the  CPN  is  a  union  of  simple  information  flow  paths  of  £U. 

•  n  is  bounded  by  at  least  one  minimal  solution  and  one  Tnaximal  solution 

Hi  ACT  n  ACTn2. 

•  III  n2  bave  the  same  permanent  input  links. 

•  EdI)  =  E  if  and  only  if 

•  n  is  bounded  by  one  minimal  solution  II'i  and  one  maximal  solution  n'2 
such  that  Il’i  ACT  H  ACT  n'2 

E(n’i)  =  E(n'2)=E 

•  Let  L  be  a  link,  and  {Xil, ...  Xik}  be  the  entry  corresponding  to  that  link  in  EfR)- 
The  set,  AC,  of  inputs  that  activates  the  link 

•  belongs  to  the  lattice  polynomial  L(EXj,..,  EX^ 

•  can  be  expressed  as  a  union  of  equivalence  classes  of  Rji,  ,, 


Proof: 

The  first  three  statements  have  been  proved.  The  fourth  one  combines  Propositions  722 
and  7.23.  The  fifth  combines  the  fact  that  AC  belongs  to  L(EXj,..,  EX^  and  the  need  to 
construct  it  from  the  information  contained  in  the  accessible  alphabets,  and  thus  to 
construct  it  by  considering  the  union  of  the  equivalence  classes  of  Rii,..^  jk- 

Definitim  7.7 

A  NGnimal  Solution  to  the  design  problem  is  called  a  VMINO. 

A  Maximal  Solutitxi  to  the  design  problem  is  called  a  VMAXO. 

Proposition  7.24  shows  that  the  set  of  solutions  is  characterized  by  several  parameters. 

•  Hrst,  the  combinations  of  permanent  input  links.  A  set  of  solutions  is  attached  to  each 
cmnbination. 


145 


•  Second,  the  set  of  solutions  attached  to  one  combination  can  be  found  between  some 
VMINOs  and  some  VMAXOs.  There  is  a  layering  of  partially  ordered  sets  from  a 
VMINO  to  a  VMAXO.  Each  layer  corresponds  to  WDVS  whose  pattern  of  interaction 
is  E.  The  partially  ordered  sets  are  layered  in  an  increasingly  effective  pattern  of 
interactions.  Each  layer  is  a  sublattice  of  the  lattice  of  the  WDVS  s.t,  Edl)  EFF  E. 
Oie  possible  ctxifiguration  of  the  set  of  solutions  is  depicted  on  Fig.  7.14. 


Subset  2 


A 


VMAXO  1 


VMAXO  2 


ACT 


Subset  1 


Fig.  7.14  Structure  of  the  Set  of  Solutions 

There  are  two  subsets  of  solutions.  Each  subset  corresponds  to  one  combination  of 
permanent  input  links,  and  is  characterized  by  some  VMINOS  and  VMAXOS.  Frc»n  VMINO  2 
to  VMAXO  2,  three  layers  have  been  depicted.  They  correspond  to  the  effective  patterns  El,  E2, 
E3,  with  El  EFF  E2  EFF  E3.  The  next  chapter  illustrates  these  results  within  the  problem  of 
designing  two  practical  systems. 
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CHAPTER  Vra 


TWO  APPLICATIONS  OF  THE  METHODOLOGY 


In  this  chapter,  the  methodology  is  applied  to  two  design  problems.  These  problems  have 
been  chosen  to  illustrate  both  the  modeling  issues  and  the  results.  The  first  example  describes  the 
problem  of  coordinating  tasks  in  a  submarine.  The  second  one  is  concerned  with  one  part  of  the 
Air  Traffic  Control  system,  the  Airport  Surface  Traffic  Control  system. 

8.1  COORDINATION  OF  TASKS  IN  A  SUBMARINE 

8.1.1  The  System 

This  first  example  describes  a  simplified  version  of  systems  that  develop  tactical  responses 
in  military  submarines.  The  tactical  concepts  presented  here  are  from  the  US  Navy,  and  have 
been  illustrated  quite  convincingly  in  best  sellers  such  as  The  Hunt  for  Red  October  (Qancy, 
1984).  The  submarine  is  supposed  to  be  in  a  sensitive  tactical  situation  and  faces  two  major 
extonal  threats,  toq}edoes  and  depth  charges.  Torpedoes  can  be  launched  by  enemy  submarines, 
while  depth  charges  can  be  dropped  fiom  enemy  ships  cnr  airplanes.  Submarines  can  be  detected 
by  passive  or  active  sonars,  and  surface  ships  and  planes  are  also  detected  through  acoustical 
devices.  This  section  focuses  on  designing  a  variable  structure  Command  and  Control  system 
that  adapts  its  structure  of  interactions  to  the  tactical  parameters. 

The  submarine  has  access  to  two  sources  of  information,  the  observations  fiom  the  surface 
enviroiunent  and  the  observations  fiom  the  deep  sea  environment  These  sources  of  information 
can  be  modeled  by  two  sensors.  Sensor  1  and  Sensor  2. 

•  Sensor  1  describes  the  deep  sea  environment 

Its  output  alphabet  is  XI  »  (NoSubmarine,  Submarine,  Torpedo},  where  NoSubmarine 
indicates  that  no  submarine  is  detected  by  acoustical  devices.  Submarine  indicates  that 
the  noise  of  a  submarine  vessel  has  been  heard,  and  Torpedo  indicates  the  detection  of  a 
torpedo.  To  make  notations  more  compact  XI  is  abbreviated  by  XI  =  (NS,  S,  T). 
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•  Sensor  2  describes  the  surface  environment. 

Its  output  alphabet  is  X2  =  {NoSurface,  Surface,  Depth  Charge},  where  NoSurface 
indicates  that  no  particular  noise  coming  from  the  sea  surface  hints  at  the  presence 
of  a  surface  ship  or  a  plane.  Surface  indicates  that  some  characteristic  noise  has  been 
heard,  and  Depth  Charge  models  the  detection  of  an  offensive  weapon.  Here  again,  X2  is 
abbreviated,  and  X2  =  {NSU,  SU,  dC}. 

•  The  inputs  to  the  system  are  given  by  the  cross  product  of  the  output  alphabets. 

X  =  XI  X  X2  =  (  <NS,  dO,  <NS,  NSU>,  <NS,  SU  >,  <S,  dC>,  <S,  NSU  >, 
<S,  SU  >,  <T,  dC>,  <T,  NSU  >,  <T,  SU  >}.  X  contains  9  inputs  and  has  been  ordered 
lexicographically. 

The  Command  and  Control  system  is  composed  of  three  roles:  The  Anti  Submarine  Warfare 
Commander  (ASW),  the  Anti  Surface  Warfare  Commander  (ASUW),  and  the  Officer  of  the 
Deck  (OOD).  The  degree  of  redundancy  of  each  role  is  1.  The  role  of  the  Officer  of  the  Deck 
(OOD)  is  at  the  top  of  the  hierarchical  chain.  This  role  has  the  responsibility  for  integrating  all 
aspects  of  the  ship's  mission,  and  must  be  ready  to  assume  the  command  of  the  ship  at  all  times. 
The  OOD,  however,  does  not  have  immediate  access  to  the  sensor’s  observations,  which  are  the 
responsibilities  of  ASW  and  ASUW.  The  area  of  competence  of  ASW  is  anti  submarine  warfare. 
ASW  monitors  the  deep  sea  environment  through  different  acoustical  devices.  ASW  has  been 
trained  to  recognize  the  characteristic  noise  of  foes  and  friendly  ships,  as  well  as  their  tactical 
submarine  procedures.  Similarly,  ASUW  is  the  expert  in  anti-surface  warfare.  ASUW  can 
recognize  the  noise  of  ships,  the  type  of  missions  to  which  ships  can  be  assigned,  and  all 
relevant  aspects  of  surface  warfare.  The  Command  and  Control  system  develops  a  tactical 
response  that  is  transmitted  to  the  effectors,  the  rest  of  the  crew,  which  includes  the  ship  control 
paity  and  the  combat  elements. 

Because  of  the  hierarchical  relationships,  it  is  assumed  that  ASW  cannot  issue  a  command  to 
ASUW,  and  conversely  that  ASUW  cannot  issue  a  command  to  ASW.  It  is  further  assumed  that 
the  design  should  characterize  structures  that  optimize  the  existing  competence  in  the  system.  For 
that  purpose,  the  ASW  should  be  the  role  that  formulates  the  tactical  response  if  the  submarine  is 
only  threatened  in  the  deep  sea  environment  Similarly,  if  a  threat  is  detected  in  the  surface 
environment  only,  the  ASUW  should  be  the  role  that  issues  commands  to  the  effectors.  Finally, 
if  no  threat  has  been  detected,  or  if  threats  are  detected  in  both  environments,  the  Officer  of  the 
Deck  should  fcxmulate  the  tactics  to  be  followed.  Finally,  it  is  assumed  that  five  human  resources 
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can  be  assigned  to  be  the  Officer  of  the  Deck.  These  human  resources  cannot  be  assigned  to 
ASW  or  ASUW.  Four  human  resources  can  be  assigned  to  ASW,  while  four  other  human 
resources  have  the  training  required  to  perform  the  role  of  the  Anti  Surface  Warfare  Commander. 
Each  resource  can  perfonn  one  and  only  one  role. 

8.1.2  Constraints 


The  informal  description  of  the  system  done  in  subsection  8.1.1  can  be  translated  into 
mathematical  constraints  using  the  methodology  of  this  thesis.  Three  roles  have  already  been 
identified,  as  well  as  two  sources  of  information.  The  cross  product  of  the  sensor's  alphabets  is 
X,  which  ccHitains  nine  elements.  The  knowledge  that  has  been  acquired  about  the  system  allows 
us  to  formulate  the  constraints  described  in  the  sequel.  Throughout  the  specifications,  a  "#" 
denotes  that  a  link  has  not  been  specified,  i.e.,  this  link  is  a  degree  of  freedom  in  the  design.  A 
"I"  denotes  the  9  x  9  identity  matrix,  i.e.,  the  link  is  activated  by  all  inputs,  and  a  "0"  denotes  the 
9x9  null  matrix,  ie.,  the  link  has  been  ruled  out  and  cannot  be  activated  by  any  input. 


Constraints  on  S: 

The  matrix  S  is  a  2  x  3  block  matrix.  It  is  given  by: 


S 


ASW  OGD  ASUW 

r  I  0  0l  Sensor  1 
"Lo  0  ij  Sensor  2 


The  matrix  S  is  completely  specified.  S  indicates  that  the  outputs  of  Sensor  1,  the  state  of 
the  deep  sea  environment,  can  only  be  monitored  by  ASW,  and  that  the  outputs  of  Sensor  2,  the 
state  of  the  surface  environment,  can  <xily  be  accessed  by  ASUW. 

Constraints  on  s: 

The  otyective  of  the  design  is  to  obtain  variable  structures  that  optimize  the  competence  of 

the  different  roles.  Thus 

•  ASW  must  select  a  response  to  be  sent  to  the  effectors  if  and  only  if  the  inputs  to 
the  system  are  <S,  NSU>,  <T,  NSU>.  These  inputs  describe  the  situations  in 
which  there  is  only  a  submarine  threat 

*  ASUW  must  select  a  response  to  be  sent  to  the  effectors  if  and  only  if  the  inputs 
to  the  system  are  <NS,  dC>,  <NS,  SU>.  These  inputs  describe  the  situations  in 
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which  there  is  only  a  surface  threat 

•  OOD  must  select  the  response  in  all  other  cases,  which  are  <NS,  NSU>, 
<S,  dC>,  <S,  SU>,  <T,  dC>,  <T,  SU>.  These  inputs  describe  the  situations  in 
which  there  are  either  no  threats,  or  threats  in  both  the  submarine  and  the  surface 
environments.  This  is  translated  by: 


ASW  OOD  ASUW 

s  =  [Ll  L3  L2] 

where. 


0 

0 

0 

0 

0 

0 

0 

0 

0 
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0 

0 

0 

-d‘,SU> 

LI  indicates  that  ASW  selects  the  response  if  and  only  if  the  inputs  to  the  system 
are  <S,  NSU>  or  <T,  NSU>.  Similarly, 


1 
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L2  indicates  that  ASUW  selects  the  response  if  and  only  if  the  inputs  to  the 
system  are  <NS,  dO  or  <NS,  SU>.  Finally, 
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13= 
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L3  indicates  that  CX)D  selects  the  response  if  and  only  if  die  inputs  to  the  system 
are  <NS,  NSU>,  <S,  dC>,  <S,  SU>,  <T,  dC>,  <T,  SU>. 


Constraints  on  F: 

Both  ASW  and  ASUW  must  inform  OOD  of  their  situation  assessment  OOD  does  not 
receive  informatimi  at  its  S  A  stage,  therefore  it  cannot  perform  situation  assessment  No 
other  constraints  have  been  stated  on  the  Glaring  of  informati<Mi.  Thus  F  is 


ASW  OGD  ASUW 


F 


0  I  # 
0  0  0 
L#  I  a 


A5W 

OGD 

ASOW 


Constraints  on  G: 

No  role  can  receive  as  an  input  the  response  of  the  other  role,  therefore 


0  0  0 
G»  0  0  0 

Lo  0  oj 


Constraints  on  H: 

No  ccmstraint  has  been  expressed  on  the  sharing  of  responses,  therefore 


Constraints  on  C: 

The  only  constraint  on  the  hierarchical  structure  is  that  both  ASW  and  ASUW  cannot 
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issue  commands  or  advisories  regarding  the  tactical  response  to  each  other.  However, 
they  can  issue  advisories  tt>  OOD,  or  can  receive  commands  or  advisories  fiom  it. 


ASW  CD  ASUW 
’O  #  Ol  ASW 
C»  #  0  #  OD 
.0  #  oj  ASUW 


Constraint  on  RD 

Three  classes  of  resources  can  be  identified  from  the  informal  descripticMi  of  the  system. 
Each  class  corresponds  to  a  pool  of  human  decisionmakers,  all  of  whom  have  received 
the  same  training,  and  can  be  assigned  to  one  and  only  one  role.  To  make  the  notations 
simple,  each  class  is  represented  by  a  unique  resource  place.  The  initial  marking  of  the 
resource  place  indicates  how  many  persons  belong  to  that  class.  Thus 

ASW  OOD  ASUW 
"l  0  ol  CLASS  1 

RDs  0  10  CLASS2  with M(Qass  1)  =  M(Class 3)  - 4,  M(Class 2)  =  5 
.0  0  1.J  CLASS3 


These  constraints  are  shown  on  Figures  8.1  and  8.2. 


Fig.  8.1  Constraints  on  the  Resource  Structure 


Figure  8.1  describes  the  constraints  (xi  the  resource  structure,  while  Figure  8.2  describes  the 
constraints  on  the  functional  structure.  The  expression  of  the  constraints  are  as  follows:  a  link 
that  has  been  ruled  out  has  not  been  represented,  a  link  that  is  permanent  is  drawn  with  a  bold 
line  and  without  annotations,  and  a  link  that  is  variable  is  drawn  in  bold  and  annotated  by  the 
matrix  diat  describes  its  activation  over  the  set  of  inputs.  Finally,  the  unspecified  links  have  been 
indicated  and  are  drawn  with  plain  lines. 

8.1.3  Decomposition  of  the  Constraints 

Constraint  Rp  imposes  that  the  link  from  Sensor  1  to  ASW  be  fixed,  that  links  from  Sensor 
1  to  OOD  and  ASUW  be  ruled  out,  that  the  link  from  Sensor  2  to  ASUW  be  fixed,  that  links 
from  Sensor  2  to  OOD  and  ASW  be  ruled  out,  and  lastly  that  all  links  to  the  S A  stage  of  OOD 
must  be  ruled  out  The  Universal  Net  £U,  the  Ordinary  Petri  Net  that  ctmtains  all  links  that  have 
not  been  ruled  out  by  the  the  design  is  the  Ordinary  Petri  Net  depicted  in  Figure  8.3. 

Constraint  applies  to  three  links,  the  links  from  the  RS  stages  of  the  roles  to  the 
effectors.  These  constraints  determine  a  natural  partition  of  X  into  three  elementary  sets  of 
inputs,  EX^,  EX2,  and  EX3. 

•  EXi  =  {<S,  NSU>,  <T,  NSU>},  and  corresponds  to  the  subset  of  W  that  contains 
the  WDFS  in  which  the  fixed  link  from  the  RS  stage  of  the  ASW  to  the  effectors  is 
present,  and  in  which  the  fixed  links  from  the  RS  stages  of  the  OOD  and  the  ASUW  to 
the  effectors  are  not  present  These  inputs  corresponds  to  a  threat  in  the  submarine 
environment  (xily. 

•  EX2  *  {<NS,  dC>,  <NS,  SU>),  and  W^  corresponds  to  the  subset  of  W  that  contains 
the  WDFS  in  which  the  fixed  link  from  the  RS  stage  of  the  ASUW  to  the  effectors  is 
presmt  and  in  which  the  fixed  links  from  the  RS  stages  of  the  OOD  and  the  ASW  to  the 
effectors  are  not  present.  This  subset  corresponds  to  a  threat  in  the  surface 
enviroiunent  only. 

•  EX3  *  {<NS,  NSU>,<S,  dC>,<S,  SU>,<T,  dO,  <T,  SU>},  and  W^  conresponds  to 
those  WDFS  in  which  the  fixed  link  from  the  RS  stage  of  the  OOD  to  the  effectors  is 
Iffesent,  and  in  which  the  fixed  links  frtxn  the  RS  stages  of  tiie  ASW  and  the  ASUW  are 
not  present  These  are  the  cases  in  which  the  OOD  formulates  the  tactical  response. 
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Rg.  SJ2  Constraints  on  the  Functional  Structure 
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Fig.  8.5  Minimal  Elements  in  W* 


Note  that  since  there  are  8  minimal  and  8  maximal  elements,  there  are  at  least  16  elements  in 
that  can  be  the  dataflow  structure  associated  with  the  elementary  set  of  inputs  EXi. 
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Rg.  8.6  Maximal  Elements  in 
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Fig.  8.7  Minimal  Elements  in 


Note  that  also  contains  at  least  16  elements,  which  can  be  associated  with  the  elementary 
set  of  inputs  EX2. 
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Fig.  8.8  Maximal  Elements  in 
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Fig.  8.9  Minimal  Elements  in 


Note  finally,  that  here  again  contains  at  least  16  elements,  which  can  be  the  fixed 
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functional  structure  associated  with  the  elementary  set  of  inputs  EX3. 


8.1.5  SolutitMis  to  the  Design  Problem 

A  WDVS  that  satisfies  all  constraints  of  the  design  except  RIO  is  a  mapping  from  X  to  W,  in 
which  all  the  elements  of  EXi  (EX2  and  EX3  respectively)  are  assigned  to  the  same  functional 
structure  in  (W^  and  respectively).  There  are  16  boundaries  in  the  intersection  of  each 
subset  W2,  W3  with  AW  and  the  set  of  fixed  structures  that  verifies  the  constraints  Rp.  By 
consequence,  there  are  at  least  16  ♦  16  *  16  =  4096  WDVS  that  satisfy  all  constraints  but  RIO . 

The  decomposition  of  Rc  distinguished  three  elementary  sets  of  inputs, 

EXi  =  {<S,NSU>,  NSU>},  EX2  =  {<NS,  dC>,  <NS,  SU>}, 

EX3  =  {<NS,  NSU>,  <S,  DC>,  <S,  SU>,  <^,  dO,  <T,  SU>}. 

Therefore,  for  any  link  in  the  structure,  the  set  AC  of  inputs  that  activate  the  link  belongs  to 
the  lattice  polynomial  generated  by  EXj,  EX2,  and  EX3, 

U  EXj,  EX2,  EX3)  =  {0,  EXj,  EX2,  EX3.  EXjU  EX2,  EXi  UEX3,  EX2UEX3,  X}. 


•  If  AC  =  0  or  X,  the  set  of  effective  alphabets  of  the  partition  is  the  empty  set. 

•  If  AC  belongs  to  {EXi,  EX2,  EX3,  EXjU  EX2,  EXj  UEX3,  EX2UEX3},  XI  and  X2 
are  tlte  effective  alphabets  of  the  partition.  A  variable  link  describes  a  valid  interaction  in  a 
structure  IT  if  and  only  if  the  entry  of  Edl)  that  corresponds  to  the  link  indicates  that  XI 
and  X2  are  accessible. 

The  computation  of  a  solution  is  detailed  in  Appendix  A.  This  example  illustrates  how 
drastic  constraint  RIO  can  be,  because  there  is  one  and  only  one  solution  to  the  design  problem. 
A  CPN  model  of  the  functional  structure  is  depicted  in  Figure  8.10.  This  WDVS  has  been  drawn 
using  the  convention  that  a  link  that  is  not  activated  is  not  represented,  and  that  a  permanent  link 
is  not  aiuiotated.  This  WDVS  corresponds  to  the  folding  of  three  data  flow  structures  depicted  in 
Figures  8.11,  8.12,  and  8.13. 

The  first  WDFS,  represents  the  exchange  of  information  when  there  is  a  threat  in  the 
submarine  environment  only.  In  this  pattern  of  interaction,  the  situation  assessments  of  ASW  and 
ASUW  are  sent  to  every  role  in  the  system.  ASUW  chooses  a  response  which  is  communicated 
to  the  OOD.  The  OOD  incorporates  the  situation  assessments  of  ASW  and  ASUW  to  the 
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response  selected  by  ASUW,  and  selects  a  command  to  be  sent  to  ASW.  Finally,  ASW  interprets 
this  command  and  chooses  an  appropriate  course  of  action  which  is  communicated  to  the 
effectors. 
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The  WDFS  !?■  represents  the  interactions  in  case  of  surface  threat  The  interactions  are 
symmetrical  to  those  in  The  situatitHi  assessments  are  sent  to  every  role  in  the  system.  ASW 
communicates  its  response  to  the  Officer  of  the  Deck.  OOD  incorporates  the  situation 
assessments  and  the  response  of  ASW  so  as  to  select  a  command  to  be  sent  to  ASUW.  Finally, 
ASUW  interprets  this  command  and  chooses  an  appropriate  course  of  action  which  is 
communicated  to  the  effectors. 


Fig.  8.12  WDFS  2? 


Finally,  if  the  tactical  response  is  formulated  by  the  Officer  of  the  Deck,  the  exchange  of 
information  between  the  roles  is  depicted  by  Fig.  8.13.  The  OOD  receives  the  situation 
assessment  of  ASW  and  ASUW,  waits  for  their  expert  responses,  and  interprets  their  expert 
advisories  with  his  assessment  of  the  mission,  so  as  to  produce  the  response  to  be  communicated 
to  the  effectors. 


Fig.  8.13  WDFS  I? 


163 


It  must  be  noted  that  the  variable  structure  is  fairly  simple  and  robust.  Each  expert 
subordinate  has  two  modes  of  interactions  overall.  Each  role  always  communicates  its  situation 
assessment  to  the  other  expert  subordinate  and  the  OOD.  Every  expert  expects  to  receive  the 
situation  assessment  of  the  other  role,  irrespective  of  the  tactical  parameters.  Then,  if  an  expert 
role  has  to  formulate  the  response,  it  waits  for  a  command  from  OOD.  Otherwise,  it  sends  its 
expert  advisory  to  the  Officer  of  the  Deck.  Similarly,  OOD  receives  the  situation  assessments  of 
both  subordinates,  and  infers  from  them  the  state  of  the  environment.  Then,  if  OOD  has  to 
formulate  the  tactical  response,  he  waits  for  the  expert  responses.  Otherwise,  he  integrates  the 
response  from  the  expert  who  has  not  detected  a  threat  with  its  own  assessment,  and  issues  a 
command  to  the  subordinate  who  issues  the  tactical  response.  The  solution  to  the  design 
problem,  including  the  resource  structure,  is  depicted  in  Figure  8.14. 


Fig.  8.14  Solution 
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One  can  gain  in  Appendix  A  some  insight  into  the  drastic  reduction  from  at  least  4096 
candidate  structures  to  one  solution.  The  principal  constraint  is  the  fact  that  one  and  only  one  role 
directly  receives  the  observations  from  Sensors  1  and  2.  Thus,  there  cannot  be  variable  links  for 
which  XI  and  X2  are  effective  until  all  roles  are  provided  with  the  situations  in  both  the  surface 
and  the  submarine  environment  This  is  resolved  of  by  having  permanent  links  from  the  SA 
stages  of  ASW  and  ASUW  to  the  IF  stages  of  every  roles.  At  that  point,  the  only  links  that  can 
be  variable  are  the  links  from  the  RS  stages  to  the  Cl  stages,  and  the  links  from  the  RS  stages  to 
the  effectors.  The  colored  constraints  and  the  need  for  acyclical  fixed  structures  interact  so  as  to 
yield  only  one  solution. 

8.2  THE  AIRPORT  SURFACE  TRAFHC  CONTROL  SYSTEM 
8.2.1  Problem  Definition 

This  section  applies  the  methodology  to  the  design  of  a  civilian  system,  the  Airport  Surface 
Traffic  Control  system  (ASTC).  ASTC  is  broadly  defined  as  the  portion  of  the  Air  Traffic 
Control  system  that  is  responsible  for  traffic  on  the  runways  and  taxiways  of  an  airport.  The 
system  encompasses  people,  procedures,  and  equipment.  In  major  US  airports,  the  system 
consists  of  two  control  positions.  Local  Control  and  Ground  Control,  which  are  stationed  in  the 
tower  cab  using  visual  surveillance,  voice  radio,  and  ground  surveillance  radars  wherever 
available.  Local  Control  handles  the  traffic  on  the  runways  and  in  the  airspace  in  the  immediate 
vicinity  of  the  airport,  while  Ground  Control  handles  the  traffic  on  the  taxiways,  and,  at  some 
airports,  issues  advisories  regarding  airplane  movements  at  the  ramps.  Local  Control  monitors 
landings  and  takeoffs  by  interacting  with  the  portion  of  the  Air  Traffic  Control  system  that  is  in 
charge  of  arrivals  and  departures  in  the  flight  corridors.  Local  Control  can  also  communicate  with 
Ground  Control  and  with  all  planes  on  the  runways  and  taxiways.  Ground  Control  exchanges 
information  with  Local  Control  and  with  each  plane  on  the  ground. 

As  with  all  aspects  of  the  Air  Traffic  Control  system,  the  continual  growth  in  air  traffic  is 
placing  increasing  demands  on  ASTC.  It  has  been  recognized  for  some  time  (Federal  Aviation 
Admiiustration,  1979)  that  Ground  Control  is  a  part  of  ASTC  that  can  significantly  slow  down 
the  timing  of  operations  and  reduce  the  capacity  of  the  largest  airports.  Particularly  in  the  case  of 
bad  visibility  or  at  peak  hours,  a  single  Ground  Controller  (GC)  saturates,  and  cannot  manage 
the  traffic  without  causing  substantial  delays.  One  solution  to  that  problem  is  to  partition  the 
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workload  of  Ground  Control  between  two  Ground  Controllers.  Such  a  partition  is  difficult  to 
design  and  implement,  because  of  the  problem  of  coordinating  the  tasks,  and  of  resolving 
conflicts  among  Ground  Controllers,  or  between  Local  Control  and  Ground  Control.  This 
example  describes  how  to  design  a  variable  ASTC  system  that  encompasses  one  Local 
Controller  (LQ  and  two  Ground  Controllers.  This  example  has  been  based  on  an  hypothetical 
design  of  an  ASTC  system  for  Logan  Airport  in  Boston,  Massachusetts.  The  plan  of  Logan 
Airport  has  been  simplified,  as  depicted  in  Hg.  8.15,  in  order  to  illustrate  the  methodology  and 
the  issues  associated  with  the  design  of  an  ASTC  system  without  providing  too  many  details, 
which  would  be  beyond  the  scope  of  this  thesis. 


North 


Fig.  8.15  Plan  of  Logan  Airport 
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8.2.2  System  Requirements 


The  airport  of  Figure  8.15  has  three  terminals  and  two  runways.  Runways  A  and  B.  Planes 
land  and  take  off  on  runways,  and  move  to  and  from  the  terminals  on  the  taxiways.  Local 
Control  monitors  the  movements  on  the  runways,  while  Ground  Control  surveys  the  taxiways, 
the  crossings  of  taxiways  and  runways,  and  the  terminals.  The  utilization  of  the  runways 
depends  on  the  direction  of  the  wind,  the  guiding  principle  being  that  landings  and  takeoffs  are 
done  "against  the  wind."  If  the  wind  blows  from  the  North  or  from  the  South,  Runway  A  is 
used.  If  the  wind  blows  from  the  East  or  the  West,  planes  land  and  take  off  on  Runway  B. 
Finally,  both  runways  can  be  used  if  the  speed  of  the  wind  is  below  a  certain  limit  Under  low 
wind  conditions  the  runways  are  not  used  in  the  same  way  however.  Because  of  noise  abatement 
concerns  in  the  communities  around  Boston  HarbOT,  large  planes  land  and  take  off  from  Runway 
A  exclusively.  Runway  B  is  used  for  general  aviation,  which  generates  less  noise. 

The  assumption  of  the  design  is  that  the  division  of  Ground  Control  between  two  Ground 
Controllers  is  done  on  a  geographic  basis.  One  GC,  hereafter  called  GC  1,  is  responsible  for 
the  southern  sector  of  the  airport,  while  the  other  GC,  GC  2,  monitors  the  northern  sector. 
Terminals  1  and  2  are  monitored  by  Ground  Controller  1,  while  Terminal  3  is  monitored  by 
Ground  Controller  2.  Mne  areas  have  been  labeled  on  Figure  8.15  which  indicate  critical  spots 
of  the  ASTC  system.  Crossings  1,  2,  and  3  designate  dangerous  crossings  between  taxiways. 
Crossing  1  lies  within  the  jurisdiction  of  GC  2  while  Crossing  3  is  under  GC  I's.  Crossing  2, 
however,  stands  on  the  boundary  between  the  northern  and  southern  sectors,  and  is  monitored 
by  both  Ground  Controllos. 

Crossings  4  and  5  indicate  crossings  between  a  taxiway  and  a  runway.  Crossing  4  is 
monitored  by  GC  2,  while  Crossing  5  is  monitored  by  GC  1.  If  a  plane  on  a  taxiway  approaches 
4  or  5,  a  Ground  Controller  must  interact  with  the  Local  Controller  to  get  the  status  of  the 
runway,  and  can  authorize  or  deny  the  crossing.  Finally,  Crossings  6, 7,  8,  and  9  designate  the 
ends  of  the  runways,  the  point  at  which  a  plane  changes  jurisdiction  between  Ground  Control 
and  Local  Control. 

8.2.3  Parameters  of  the  Model. 

Two  roles.  Local  Control  and  Ground  Control  have  already  been  defrned.  The  degree  of 
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redundancy  of  Local  Control  is  1,  while  the  degree  of  redundancy  of  Ground  Control  is  2.  Five 
sources  of  information  can  trigger  variable  pattons  of  interaction  in  the  system. 

•  Sensor  1  :  Wind.  Wind  is  a  parameter  that  influences  the  direction  of  landings  and 
takeoffs.  This  source  can  take  five  values:  XI  =  {0,  E,  N,  S,  W}.  N  (S,  E,  W 
respectively)  indicates  that  the  wind  comes  from  the  North  (South,  East,  West 
respectively).  0  models  low  wind  conditions  in  which  both  runways  can  be  used. 

•  Sensor  2  :  Runway  Status.  This  source  of  information  models  the  movements  on  the 
runways.  Its  output  alphabet  is  X2  =  (LAA,  LAB,  TOA,  TOB,  CL),  where  LAA 
indicates  that  a  plane  is  landing  on  Runway  A,  LAB  indicates  that  a  plane  is  landing  on 
Runway  B,  TOA  the  fact  that  a  plane  is  taking  off  from  runway  A,  TOB,  the  fact  that  a 
plane  is  taking  off  from  Runway  B,  and  CL  the  possibility  of  the  runways  being  clear  of 
any  movement.  Note  that  one  and  only  one  runway  is  used  if  the  output  of  Sensor  1  is  0, 
E,  N,  S  or  W.  Both  runways  can  be  used  under  low  wind  conditions  but  the  safety 
standards  require  that  there  cannot  be  simultaneous  use  of  both  runways,  i.e.,  there 
cannot  be  at  the  same  time  one  movement  on  the  Runways  A  and  B. 

•  Sensor  3  :  Terminals  1  and  2.  This  source  models  a  plane  leaving  Terminal  1  or 
Terminal  2.  Its  output  alphabet  is  X3  *  {DPI,  NDPl }  where  DPI  models  a  departure 
from  Terminal  1  or  Terminal  2,  and  NDPl  indicates  that  no  plane  is  departing.  Note  that 
a  departing  plane  must  be  directed  to  a  runway.  If  several  runways  are  used  at  the  same 
time.  Ground  Controller  1  must  ask  the  Local  Controller  where  to  direct  the  plane. 

•  Sensor  4  :  Terminal  3.  Similarly,  this  source  models  a  plane  leaving  Terminal  3.  Its 
output  alphabet  is  X4  =  {DP3,  NDP3},  where  DP3  models  the  case  in  which  one  plane 
is  leaving,  and  NDP3  the  case  in  which  no  plane  leaves.  Note  that  GC2  must  ask  the 
Local  Controller  where  to  direct  the  plane  in  case  of  low  wind  conditions. 

•  Sensor  5  :  Conflicts.  This  source  of  information  models  the  existence  of  conflicts  at  the 
boundaries  of  the  northern  and  the  southern  sectors.  Its  output  alphabet  is  XS  =  (C,  NC) 
where  C  indicates  that  there  is  some  conflict  in  the  area  that  is  monitOTed  by  both  Ground 
Controllers,  whereas  NC  models  the  absence  of  conflict. 

The  set  of  inputs  to  the  system  is  X  =  XI  x  X2  x  X3  x  X4  x  X5.  The  set  of  inputs  contains 
S*S*24>2  *  2  =  200  elements.  Recall  that  these  inputs  model  only  the  parameters  that 
necessitate  or  influence  coordination  between  roles.  They  do  not  describe  extensively  the 
parameters  that  are  processed  by  one  role  only. 
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Finally,  suppose  that  one  and  only  one  human  decisionmaker  can  be  assigned  to  each  role 
corresponding  to  a  situation  in  which  no  back-up  controllers  are  present  in  the  tower  cab.  In  a 
Petri  Net  model  of  the  structure,  one  and  only  one  resource  loop  is  associated  with  each  role.  The 
resource  place  in  the  resource  loop  initially  contains  one  and  only  one  token.  The  resource 
structure  is  very  simple  and  can  be  omitted  below.  Functional  structures  are  thus  used  to 
represent  the  structure  of  interactions  in  the  system. 

8.2.4  Constraints 

Constraints  are  introduced  to  restrict  the  solutions  to  WDVS  that  make  sense  as  far  as  an 
ASTC  system  for  Logan  airport  is  concerned.  These  consuraints  are  expressed  in  plain  English  in 
this  subsection  and  can  be  translated  without  any  difficulty  into  mathematical  terms,  as  done  in 
section  8.1.2  and  in  section  6.4.  They  are  represented,  with  the  usual  conventions,  on  the  CPN 
of  Figure  8.16. 

•  Constraints  on  S 

It  is  assumed  that  each  role  knows  the  direction  of  the  wind,  the  ou^ut  of  Sensor  1.  The 
output  of  Sensor  2,  the  status  of  the  runway(s),  is  known  by  LC  only.  The  output  of  Sensor  3, 
the  status  of  Terminals  1  and  2,  is  monitored  by  GC  1,  but  not  by  GC  2.  LC  may  have  access  to 
that  source  of  information,  for  example,  by  looking  at  departure  strips  on  a  monitor  or  by 
knowing  in  advance  the  planning  of  departures.  Similarly,  the  output  of  Sensor  4,  that  is  the 
status  of  Terminal  3,  is  monitored  by  GC  2,  may  be  known  by  LC,  and  is  not  siu^reyed  by  GC 
1.  Finally,  the  conflicts  at  the  boundaries  of  the  northern  and  southern  sectors,  the  output  of 
Sensor  5  are  only  known  to  the  GCs. 

•  Constraint  on  s 

Every  role  has  to  produce  a  response  to  be  the  sent  to  the  planes  under  its  jurisdiction, 
and  each  role  must  have  a  fixed  link  fiom  its  RS  stage  to  the  effectors. 

•  Constraints  on  F 

No  constraints  are  imposed  on  sharing  information  between  Ground  Controllers  or  from 
a  GC  to  LC.  Some  constraints  are  imposed  on  the  exchange  of  information  from  LC  to  the 
Ground  Controllers,  because  LC  must  inform  the  Ground  Controllers  of  the  Runway  Status. 
There  is  no  need  for  fixed  interactions  because  the  utilization  of  the  runways  does  not  always 
create  conflicts  or  dangers  in  both  the  northern  and  the  southern  sectors.  If  the  wind  is  N  or  W, 
the  landing  planes  leave  the  runway  at  6  or  7,  under  the  jurisdiction  of  GC  2,  and  head  for  the 
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terminals  through  the  crossings  1  and  4,  all  monitored  by  GC  2.  The  departing  planes  take  off 
from  8  or  9.  The  way  they  follow  on  the  taxiways  to  crossings  8  and  9  is  mainly  under  the 
jurisdiction  of  GC  1,  and  they  cannot  cross  the  runway  that  is  used.  Therefore,  GC  2  only  needs 
to  be  informed  by  LC.  Symmetrically,  if  the  wind  is  E  or  S,  GC  1  needs  to  be  informed  only  by 
LC.  If  Runways  A  and  B  are  in  use  however,  both  Ground  Controllers  must  be  informed, 
because  each  GC  monitors  a  crossing  (4  or  5)  between  a  runway  and  a  taxiway. 

These  constraints  can  be  summed  up  by  stating  that  AC  =  <E>  u  <S>  u  <0>  is  the  set  of 
inputs  that  activates  the  link  from  the  S  A  stage  of  the  Local  Controller  to  the  IF  stage  of  Ground 
Controller  1.  This  variability  is  depicted  by  the  matrix  LI  on  Figure  8.16.  Similarly,  the  set  of 
inputs  that  activate  the  link  from  the  S  A  stage  of  the  Local  Controller  to  the  IF  stage  of  Ground 
Controller  2  is  AC  =  <N>  u  <W>  u  <0>.  This  variable  pattern  of  interaction  is  indicated  by 
matrix  L2  on  Figure  8.16. 

•  Omstraint  on  G 

Every  SA  stage  receives  some  sensoi^'  observations,  therefore  all  links  between  RS 
stages  and  S A  stages  must  be  ruled  out 

•  Gxistndnt  on  H 

All  links  from  the  RS  stages  to  the  IF  stages  have  been  ruled  out  The  rationale  is  that  a 
response  of  a  role  is  an  executory  command,  a  resolution  of  a  conflict  or  an  answo:  to  a  request 
Therefore,  the  communications  of  responses  to  roles  are  most  appropriately  modeled  by  the  links 
from  the  RS  stages  to  the  Cl  stages. 

•  Constraint  on  H 

First  it  is  assumed  that  GCs  cannot  issue  commands  to  LC  because  the  movements  on 
the  runways  have  priority  as  far  as  safety  is  concerned.  The  number  of  alternative  courses  of 
action  that  LC  can  select  shall  never  be  restricted.  Second,  GC  2  cannot  issue  a  command  to 
GCl,  whereas  GC  1  may  issue  one  to  GC  2.  GC  1  covers  a  larger  geographical  area  than  GC  2, 
and  may  need  to  restrict  the  courses  of  action  of  GC2  to  solve  the  conflicts  in  its  own 
jurisdiction.  Finally,  in  the  case  of  low  wind  conditions,  LC  must  instruct  the  Ground 
Controllers  when  a  plane  leaves  a  terminal.  The  link  from  the  RS  stage  of  LC  to  the  Cl  stage  of 
GC  1  is  thus  activated  for  AC  =  <0,  DP3>.  This  variability  has  been  indicated  by  the  matrix  L3. 
Similarly,  the  link  from  the  RS  stage  of  LC  to  the  Cl  stage  of  GC  2  is  activated  by  the  set 
AC  =  <0,  DP1>.  This  variability  has  been  represented  by  matrix  L4. 
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Fig.  8.16  Colored  Petri  Net  model  of  the  Constraints 


8.2.5  Decomposition  of  the  Constraints 


The  elementary  sets  of  inputs  can  be  determined  from  the  colored  constraints  expressed  in 
LI,  L2,  L3,  and  L4  :  EX,  =  <N>  u  <W^>,  EX2  =  <E>  u<5>,  EX3  =  <0,  DPI,  DP3>, 
EX4  =<a  DPI,  NDP3>,  EX5  =  <0,  NDPl,  DP3>,  EXg  =  <0.  NDPl,  NDP3>.  The  set  of 
inputs  that  activate  one  link  belongs  to  the  lattice  polynomial  generated  by  EX^, ....  EX5 .  Note 
that  any  elementary  set  of  inputs  corresponds  to  a  union  of  equivalence  classes  of  R^,  R3,  R4, 


because  they  correspond  to  partitions  based  on  the  observations  carried  out  by  Sensors  1, 3,  and 
4.  Therefore,  the  effective  alphabets  of  any  partition  of  X  between  AC  and  DC  are  at  most  XI, 
X3,  and  X4,  and  the  model  of  this  thesis  does  not  characterize  solutions  in  which  X2  and  XS 
may  be  effective  alphabets  of  the  partition. 

Finally,  it  can  be  seen  that 

•  There  are  no  effective  alphabets  if  AC  =  0  or  X. 

•  XI  is  the  only  effective  alphabet  if  AC  =  EXj  or  EX2  or  EX^  u  EX2  or 
EX3  u  EX4  u  EX5  u  EX<s  or  EXi  u  EX3  u  EX4  u  EX5  u  EXg  or 

EX2  u  EX3  u  EX4  u  EX5  u  EXfi. 

•  XI  and  X3  are  the  effective  alphabets  if  AC  =  EX3  u  EX4  or  EX5  u  EXg  or 
EXi  u  EX3  u  EX4  or  EX2  u  EX3  u  EX4  or  EXj  u  EX5  u  EX^  or 
EX2  u  EX5  u  EXfi. 

•  XI  and  X4  are  the  effective  alphabets  if  AC  =  EX3  u  EX5  or  EX4  u  EX5  or 
EX^  o  EX3  o  EX3  or  EX2  ^  EX3  BXj  or  EX^  o  EX4  WJ  EX^  or 
EX2  u  EX4  u  EXg. 

•  Rnally,  XI,  X3,  X4  are  the  effective  alphabets  for  all  other  AC  in  L  (EXj, EX^). 
8.2.6  Solutions 

There  are  four  subsets  of  solutions  to  the  design  problem.  As  indicated  by  Proposition  7.24, 
each  subset  of  solutions  corresponds  to  a  particular  combination  of  input  links  to  the  system.  In 
addition,  each  subset  of  solutions  in  the  example  has  the  property  that  there  exists  a  unique 
minimal  element  and  a  unique  maximal  element  in  each  subset.  These  minimal  and  maximal 
elements  are  depicted  in  the  following  figures.  The  usual  convention  that  a  permanent  link  is  not 
annotated  is  respected  throughout  Figures  8.17  to  8.28. 

•  Subset  1 

The  first  subset  of  solutions  corresponds  to  the  variable  structures  whose  input  links  are 
exactly  the  inputs  links  that  have  been  imposed  by  the  constraints.  The  VMINO  is  the  WDVS  of 
Figure  8.17.  In  this  variable  structure,  all  links  except  the  ones  whose  variability  has  been 
defined  are  permanent.  LC  does  not  have  access  to  direct  knowledge  of  the  departiu^s  at  the 
terminals,  and  receives  this  information  over  the  permanent  links  from  the  S  A  stages  of  both 
GCs  to  its  IF  stage.  Besides  these  two  links,  all  links  are  permanent  or  variable  as  imposed  by 
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the  user-defined  constraints.  The  VMAXO  of  the  subset  of  solutions  is  depicted  on  Figure  8. 18. 


As  compared  to  the  VMINO,  three  new  links  are  activated,  i.e.,  the  links  from  the  SA 
stages  to  the  IF  stages  between  Ground  Controllers,  and  the  link  between  the  RS  stage  of  GC  1 
to  the  Cl  stage  of  GC2.  This  VMAXO  describes  a  structure  in  which,  in  addition  to  the 
interactions  that  are  required,  all  roles  share  their  situation  assessments,  and  GC  1  always  issues 
a  command  to  GC  2. 


Fig.  8.17  VMINO  1 
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There  are  two  layers  of  solutions  from  VMINO  1  to  VMAXO  1.  These  layers  ccorespond  to 
different  accessible  alphabets  for  Link  A,  the  link  from  the  SA  stage  of  GC  1  to  the  IF  stage  of 
GC  2,  Link  B,  the  link  from  the  SA  stage  of  GC  2  to  the  IF  stage  of  GC  1,  link  C,  the  link  from 
the  SA  stage  of  GC  1  to  the  IF  stage  of  GC  2,  the  links  that  vary  between  VMINO  1  and 
VMAXO  1.  The  accessible  pattern  of  the  solutions  can  be  expressed  in  a  reduced  form  by 
[{Accessible  alphabets  Link  A}, (Accessible  alphabets  Link  B},{  Accessible  alphabets  Link  C}]. 


Fig.  8.18  VMAXO  1 
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VMINO  1  has  an  accessible  pattern  that  corresponds  to  [{XI),  (XI),  {XI)].  Therefore 
any  WDVS  that  lies  between  VMINO  1  and  VMAXO  1  and  whose  links  A,  B,  and  C  are 
activated  by  AC  =  EX^  or  EX2  or  EX|  u  EX2  or  EX3  u  EX4  u  EX5  u  EXg  or 
EXj  u  EX3  u  EX4  u  EX5  u  EXg  or  EX2  u  EX3  u  EX4  u  EX5  u  EXg  is  a  valid  solution  to 
the  problem.  These  solutions  are  the  variable  structures  for  which  all  changes  are  only  based  on 
the  direction  of  the  wind,  i.e.,  on  the  way  runways  are  utilized  for  landings  and  takeoffs. 


Fig.  8.19  Intermediate  Solution 
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The  second  layer  is  made  of  the  WDVSs  that  lie  between  VMINO  1  and  VMAXO  1  and 
above  the  solution  in  Fig.  8.19,  whose  effective  pattern  is  [{XI ),{X1  ),{X1,  X3,  X4)].  These 
solutions  are  the  ones  in  which  roles  always  exchange  their  situation  assessments.  The  link 
between  the  RS  stage  of  GC  1  and  the  Cl  stage  of  GC  2  can  be  activated  by  any  set  of  inputs  in 
L(EXi, EXg),  i.e.  GC  1  can  issue  a  command  to  GC  2  for  any  combination  of  cases. 

•  Subset  2 

This  set  of  solutions  corresponds  to  the  structures  in  which  the  Local  Controller  has 
direct  knowledge  of  planes  departing  from  terminals  1  and  2,  but  not  of  the  departures  from 
terminal  3.  There  exists  a  unique  minimal  solution  that  is  represented  in  Figure  8.20.  In  this 
structure,  GC  2  must  send  its  situation  assessment  to  the  Local  Controller,  while  all  other  links 
had  been  determined  by  the  constraints  on  the  design. 

There  is  one  and  only  one  maximal  solution,  which  is  depicted  in  Figure  8.21.  As  compared 
to  VMINO  2,  four  links  are  activated,  that  is  the  links  A,  B,  and  C  described  for  the  first  subset, 
and  the  link  D  from  the  RS  stage  of  GC  1  to  the  IF  stage  of  LC.  There  are  two  layers  from 
VMINO  2  to  VMAXO  2.  Here  again,  he  accessible  pattern  of  the  solutions  can  be  expressed  in  a 
reduced  form  by: 

[{Accessible  alphabets  Link  A},  {Accessible  alphabets  Link  B},  {Accessible  alphabets  Link  C}, 
{Accessible  alphabets  Link  D}]. 

VMINO  2  has  an  accessible  pattern  that  corresponds  to  [{XI),  {XI},  {XI},  {XI,  X3}]. 
Therefore  a  solution  to  the  design  lies  between  VMINO  2  and  VMAXO  2  and 

•  Its  links  A,  B,  and  C  are  activated  by  AC  =  EX^  or  EX2  or  EXj  u  EX2  or 
EX3  u  EX4  u  EX5  u  EXg  or  EXiUEX3uEX4uEX5tjEX6  or 
EX2  u  EX3  u  FX4  u  EX5  u  EXg. 

•  Its  link  D  is  activated  by  AC  =  EX3  u  EX4  or  EX5  u  EXg  or  EXj  u  EX3  u  EX4 
or  EX2  u  EX3  u  EX4  or  EX^  u  EX5  u  EXg  or  EX2  u  EX5  u  EXg  . 

The  second  layer  is  made  of  the  WDVSs  between  VMINO  2  and  VMAXO  2  that  are  above 
the  structure  of  Fig.  8.22,  whose  effective  pattern  of  interactions  is: 

[{XI},  {XI},  {X1,X3.X4},  {X1,X3}]. 
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These  solutions  correspond  to  structures  in  which  GCl  and  GC2  always  exchange  their 
situation  assessments,  in  which  Link  C  can  be  activated  by  any  set  in  LCEX^,...,  EX^),  and 
Link  D  can  be  activated  by  AC  =  EX3  u  EX4  or  EX5  u  EX5  or  EX^  u  EX3  u  EX4  or 
EX2U  EX3  u  EX4  or  EXi  u  EX5  u  EX<s  or  EXj  u  EX5  u  EX^. 
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Runway  status 

OK 


•  Tenn3 


•  Subset  3 

This  set  of  solutions  coiresponds  to  the  structures  in  which  the  Local  Controller  has 
direct  knowledge  of  planes  departing  from  terminal  3.  but  not  of  the  departures  from  terminals  1 
and  2.  There  exists  a  unique  minimal  solution  that  is  represented  in  Figure  8.23.  In  this  structure, 
GC  1  must  send  its  situation  assessment  to  the  Local  Controller,  while  all  other  links  have  been 
determined  by  the  constraints  on  the  design. 


Fig.  8.23  VMINO  3 
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There  is  one  and  only  one  maximal  solution,  which  is  depicted  in  Figure  8.24.  As  compared 
to  VMINO  3,  four  links  are  activated:  The  links  A,  B,  and  C  described  for  the  first  subset,  and 
the  link  E  fix}m  the  RS  stage  of  GC  2  to  the  IF  stage  of  LC.  There  are  two  layers  from  VMINO  3 
to  VMAXO  3.  Here  again,  the  accessible  patton  of  the  solutions  can  be  expressed  in  a  reduced 
form  by: 

[{Accessible  alphabets  link  A),  (Accessible  alphabets  Link  B),  (Accessible  alphabets  Link  C}, 
(Accessible  alphabets  Link  E}]. 


Fig.  8.24  VMAXO  3 
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VMINO  3  has  an  accessible  pattern  [{XI},  {XI},  {XI},  {XI,  X4}].  Therefore,  a  valid 
solution  is  a  WDVS  that  lies  between  VMINO  3  and  VMAXO  3, 

•  whose  links  A,  B,  C  are  activated  by  AC  =  EX^  or  EX2  or  EX^  u  EX2  or 

EX3UEX4UEX5UEX6orEXiUEX3uEX4uEX5uEX6  or 

EX2  u  EX3  UEX4UEX5U  EXfi 

•  whose  link  E  is  activated  by  AC  =  EX3  u  EX5  or  EX4  u  EX^  or  EX^  u  EX3  u  EX5 

or  EX2  EX3  o  EX5  or  EXj  ^  EX4  EX^  or  EX2  EX4  ^  EX5  . 

Rnally,  the  accessible  pattern  of  any  WDVS  between  VMINO  3  and  VMAXO  3  that  lies 
above  the  solution  depicted  on  Fig.  8.25  is  [{XI},  {XI},  {XI,  X3,  X4},  {XI,  X4}].  The 
second  layer  of  solutions  is  the  structures  in  which  GCl  and  GC2  always  exchange  their 
situation  assessments,  in  which  Link  C  can  be  activated  by  any  set  of  inputs  in  L(EXi, ...,  EX5) 
and  Link  E  can  be  activated  by  AC  =  EX3  u  EX5  or  EX4  u  EX5  or  EX^  u  EX3  u  EX5  or 
EX2  EX3  o  EX3  or  EX^  EX4  EXg  or  EX2  ^  EX4  EX^. 

•  Subset  4 

This  final  set  of  solutions  corresponds  to  the  structures  in  which  the  Local  Controller  has 
direct  knowledge  of  planes  departing  from  terminals  1, 2,  and  3.  There  exists  a  unique  minimal 
solution  that  is  represented  in  Figure  8.26.  In  this  structure,  all  links  excepts  the  links  from 
Sensor  3  and  Sensor  4  to  LC  have  been  defined  as  constraints  to  the  design. 

There  is  one  and  only  one  maximal  solution,  which  is  depicted  in  Figure  8.27.  As 
compared  to  VMINO  4,  five  links  are  activated,  the  links  A,  B,  C,  D,  and  E .  Once  again,  there 
are  two  layers  firom  VMINO  4  to  VMAXO  4,  and  the  accessible  patterns  of  the  solutions  can  be 
expressed  in  reduced  form  by  [{Accessible  alphabets  Link  A},  {Accessible  alphabets  Link  B}, 
{Accessible  alphabets  Link  C},  {Accessible  alphabets  Link  D},  {Accessible  alphabets  Link  E}]. 

The  accessible  pattern  of  VMINO  4  is  [{XI},  {XI},  {XI},  {XI,  X3},  {XI,  X4}]. 
Therefore,  a  solution  lies  between  VMINO  4  and  VMAXO  4,  and 

•  Its  links  A,  B,  C  are  activated  by  AC  =  EXj  or  EX2  or  EX1UEX2  or 

EX3  u  EX4  u  EX5  u  EX<5  or  EXiU  EX3U  EX4  u  EX5  u  EXg  or 

EX2UEX3UEX4UEX5  u  EXg. 

•  Its  link  D  can  be  activated  by  AC  =  EX3VJEX4  or  EX5  u  EX^  or  EX^  u  EX3  u  EX4 
or  EX2  ^  EX3  ^  EX4  or  EXj  o  EX3  EX^  or  EX2  ^  EX3  ^  fiX^. 
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•  Its  link  E  is  activated  by  AC  =  EX3  u  EX5  or  EX4  u  EX5  or  EXj  u  EX3  u  EX5  or 
EX2  ^  EX3  o  EX3  or  EX^  o  EX4  o  EX^  or  EX2  ^  EX4  EX^  . 


Rg.  8.25  Intermediate  Structure 
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Tenn  1  &  2 


Fig.  8.26  VMIN04 


Finally,  the  accessible  pattern  of  the  solution  depicted  on  Fig.  8.28  is  [{XI},  {XI}, 
{XI,  X3,  X4},  {XI,  X3},  {XI,  X4}].  The  second  layer  of  solutions  is  the  structures  in  which 
GCl  and  GC2  always  exchange  their  situation  assessments,  and 

•  in  which  Link  C  can  be  activated  by  any  set  of  inputs  in  L(EXi, ...,  EX5) 

•  in  which  link  D  can  be  activated  by  any  set  of  inputs  AC  =  EX3  u  EX4  or  EXsUEXg 
or  EX1OEX3V.J  EX4  or  EX2  WJ  EX^^EX^  or  EXjOEX^  oEX^  or  EX2^EX3^  LX^. 

•  in  which  link  E  can  be  activated  by  any  set  of  inputs  AC  =  EX3  u  EX5  or  EX4  u  EX5 
or  EX^  o  EX3  EX5  or  EX2  'i.>>EX3  i^EX5  or  EX^oEX4oEXg  or  EX2'sJEX4'^  LX^. 


184 


Fig,  8.27  VMAX04 

The  four  subsets  of  results  correspond  to  four  different  degrees  of  coordination  between  the 
roles  of  the  ASTC  system.  The  first  subset  corresponds  to  the  case  in  which  the  roles  only  have 
access  to  the  sources  of  information  that  they  monitor  because  of  the  constraints.  Local  Control 
exclusively  monitors  the  landings,  and  each  Ground  Controller  monitors  its  geographic  sector. 
Note  that  the  pattern  of  interaction  of  the  Local  Controller  with  the  Ground  Controllers  is  the 
same  over  all  solutions  in  subset  1.  There  is  one  and  only  one  way  to  achieve  a  meaningful 
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coordination  between  Local  Control  and  Ground  Control.  On  the  other  hand,  there  are  many 
variable  structures  between  VMINO  1  and  VMAXO  1,  which  correspond  to  different  patterns  of 
interaction  between  Ground  Controllers.  The  first  layer  of  solutions  corresponds  to  the  case  in 
which  the  variability  between  Ground  Controllers  is  based  exclusively  on  their  common  sources 
of  information,  XI  and  X5.  Finally,  the  second  layer  of  solutions  corresponds  to  a  series  of 
solutions  in  which  both  Ground  Controllers  exchange  at  all  times  their  situation  assessment  and 
in  which  GC  1  can  issue  a  command  or  an  advisory  to  GC  2,  based  on  the  observations  of 
Sensors  1,  3,  4,  and  5. 


Fig.  8.28  Intennediate  Structure 
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The  other  subsets  present  larger  ranges  of  solutions.  This  is  achieved  by  allowing  roles  to 
have  access  to  more  sources  of  information.  Note  however,  that  the  possible  pattern  of 
interactions  between  Ground  Controllers  is  identical  over  the  subsets  1,  2,  3,  and  4.  The 
VMINOs  always  contain  the  same  links  between  Ground  Controllers,  and  the  VMAXOs  also 
have  the  same  links  between  GCs.  On  the  other  hand,  subsets  2,  3,  and  4  describe  the  cases  in 
which  more  and  more  varied  patterns  of  coordination  between  Local  Control  and  Ground  Control 
can  be  instituted.  Subset  2  indicates  the  case  in  which  there  is  more  than  one  way  to  achieve 
coordination  between  GC  1  and  LC,  while  there  is  only  one  solution  to  the  coordination  between 
GC  2  and  LC.  Subset  3  indicates  the  converse  case,  in  which  there  is  more  than  one  way  to 
enforce  coordination  between  GC  2  and  LC,  while  there  is  only  one  solution  to  the  coordination 
between  GC  1  and  LC,  Finally,  subset  4  describes  the  case  in  which  both  Ground  Controllers 
can  have  different  patterns  of  variable  interactions  with  LC. 

From  a  practical  point  of  view,  these  subsets  indicate  a  clear  trade-off  between  access  to 
sources  of  information  and  the  number  of  coordination  mechanisms  between  roles.  The  number 
of  ways  can  be  increased  if  the  roles  have  access  to  more  sources  of  information.  On  the  other 
hand,  this  increase  in  the  number  of  sources  that  are  monitored  can  increase  the  workload  of  the 
controllers,  and  may  decrease  their  reliability.  In  order  to  tackle  these  issues  quantitatively,  the 
Colored  Petri  Nets  generated  in  this  example  can  be  used  with  the  System  Effectiveness  Analysis 
methodology  to  assess  the  impact  of  these  tradeoffs  on  performance.  In  particular,  the  workload 
associated  with  the  configiuations,  as  well  as  the  timeliness  and  accuracy  of  the  system  can  be 
computed. 
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CHAPTER  IX 


POLICY  ANALYSIS 


Because  this  thesis  intends  to  contribute  to  the  theory  of  distributed  intelligence  systems,  this 
chapter  analyzes  the  socioeconomic  and  political  environment  within  which  the  need  for  research 
in  distributed  intelligence  systems  has  been  formulated.  The  interactions  between  the  research 
issues  and  the  political  needs  are  identified.  Based  on  those  Hndings,  a  strategy  for  implementing 
the  methodology  of  this  thesis  is  devised. 


9.1  Large  SCALE  SYSTEMS:  AN  AREA  OF  CONCERN 

The  federal  government  devotes  larger  and  larger  amounts  of  resources,  in  terms  of  time  and 
money,  to  design,  analyze,  and  run  large-scale  distributed  systems.  At  the  same  time,  there 
seems  to  be  a  growing  dissatisfaction  with  such  systems.  The  press  regularly  reports  problems 
with  the  Air  Traffic  Control  system,  the  large  delays  experienced  by  passengers  at  airports  due  to 
traffic  congestion,  and  the  safety  issues,  such  as  near  misses  and  collisions,  controllers'  failures, 
etc.  The  specialized  press  insists  that  most  problems  are  rooted  in  the  obsolescence  of  the 
technological  rationales  which  led  in  the  SOs  to  the  design  of  the  actual  system,  and  that  the  FAA 
failed  to  keep  up  with  technological  changes  and  the  boom  in  traffic  that  came  fix>m  deregulation. 
Furthennore,  by  focusing  primarily  on  the  enroute  Air  Traffic  Control,  the  FAA  made  the  Airport 
Surface  Traffic  Control  the  most  saturated  and  dangerous  part  of  the  ATC  system  today.  The 
working  environment  of  airport  controllers  has  not  been  adapted  to  the  increase  in  traffic,  causing 
many  problems  of  woridoad  management  and  coordination  between  controllers. 

Similarly,  Anger  (1988)  describes  how  some  systems  of  the  Department  of  Defense  fall 
short  of  expectations  because  they  can  neither  manage  the  complexity  of  their  environment  nor 
coordinate  rapidly  and  efficiently  their  missions.  The  dramatic  accident  involving  the  USS 
Vincennes  illustrates  the  difficulty  of  managing  a  distributed  intelligence  system,  if  it  has  to  reaa 
rapidly  under  time  and  tactical  pressures.  The  Vincennes  was  cruising  at  sea,  the  intelligence 
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support  was  distributed  throughout  the  Persian  Gulf  and  could  not  identify  rapidly  the  nature  of 
the  radar  signature,  the  Commander  in  Chief  with  responsibility  for  the  Persian  Gulf  was  not 
physically  present,  but  was  thousands  of  miles  away. 

Under  its  mandate  to  address  the  needs  of  the  United  States,  Congress  is  responsible  for 
monitoring  the  development  of  systems  under  federal  jurisdiction.  Over  the  past  twenty  five 
years.  Congress  has  ordered  that  federal  systems  should  become  more  efficient,  and  should 
address  new  needs,  under  the  general  constraint  that  financial  resources  are  scarce.  To  enhance 
the  performance  of  the  interaction  between  Congress,  the  federal  agencies  and  the  private  sector. 
Systems  Analysis  has  been  developed  as  a  quantitative  aid  to  certify  only  those  programs  that 
will  be  cost  effective  (Anger,  1988).  While  performing  a  system  analysis,  developers  consider 
the  costs  and  benefits  of  the  programs,  explore  a  variety  of  options,  and  define  the  combination 
that  will  be  most  cost  effective. 

The  federal  authorities  have  recognized  that  the  government  should  meet  the  increasing 
needs  for  analysis  and  design  of  distributed  intelligence  systems  by  launching  comprehensive 
research  efforts  in  this  field  where  little  was  known.  As  formulated  in  a  recommendation  of  the 
Defense  Science  Board  (1978)  for  the  systems  of  the  Department  of  Defense,  "DoD  should 
develop  a  coordinated  program  of  research  and  testing  on  command  and  control  concepts,  design 
and  system  performance,  to  provide  the  intellectual  base  to  guide  the  evolution  of  improved 
command  and  control  systems."  Similarly,  the  FA  A  has  supported  many  research  efforts  to 
devise  ways  to  improve  or  change  the  actual  Air  Traffic  Control  system. 

9.2  OPERATIONAL  ISSUES 

The  formulation  of  operational  needs  is  strongly  influenced  by  the  classical  works  on 
organization  theory  of  Herbert  Simon  et  al.  (Simon,  1981;  Crecine  and  Salomone,  1988), 
whose  work  relies  on  the  assumption  that  the  cognitive  processes  of  human  beings  are 
constrained.  Therefore,  the  limit  on  the  information  that  can  be  absorbed  forces  people  to 
respond  only  to  limited  aspects  of  their  environment,  and  to  rely  on  relatively  simple  mental 
strategies.  In  an  operational  context  such  as  the  ATC  system  or  a  DoD  system,  teams  of 
decisionmakers  are  created  as  a  solution  for  overcoming  these  individual  cognitive  limits. 
Through  specialization,  individuals  acquire  the  capacity  to  apply  relatively  complex  cognitive 
strategies  to  narrowly  defined  tasks  environments.  Through  division  of  labor,  substantial 
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cognitive  resources  can  be  simultaneously  brought  to  bear  on  many  tasks  or  information  sources 
at  a  time. 

At  first  sight,  the  potential  accomplishments  of  the  division  of  labor  seem  to  be  limitless.  In 
practice  however,  systems  that  mix  human  beings,  computerized  decision  aids,  and  multiple 
communications  channels  must  overcome  a  fundamental  difficulty,  the  need  for  the  pattern  of 
activities  carried  out  by  individuals  in  various  subunits  of  the  system  to  fit  together  in  a  coherent 
fashion.  Achieving  such  coherence  defines  what  is  termed  the  coordination  problem,  but  this 
structuring  can  easily  become  so  complex  as  to  overwhelm  the  cognitive  capacities  of  those  who 
must  carry  it  out.  Indeed  the  high  frequency  of  coordination  failures  suggest  that  such  problems 
commonly  occur.  Typically,  near  misses  originate  from  coordination  failures  between 
controllers.  In  response,  the  FAA  imposes  strict  rules  on  ground  movements  and  landings  and 
takeoffs,  which  cause  greater  delays  at  peak  hours  or  bad  weather.  Those  delays  put  pressure  on 
the  controllers  and  further  deteriorate  their  ability  to  coordinate  their  tasks  optimally! 

Direct  supervision,  mutual  adjustment,  standardization  and  planning  are  the  four  basic 
mechanisms  for  achieving  coordination  in  a  distributed  intelligence  system.  Direct  supervision  is 
the  most  commonly  used  mechanism.  It  corresponds  to  the  introduction  of  hierarchical  layers,  or 
supervisor-subordinate  types  of  relationships.  Mutual  adjustment  occurs  when  two  or  more 
actors  agree  to  share  resources  and  to  confer  with  one  another  concerning  decisions  that  affect 
their  respective  tasks.  Standardization  is  the  creation  of  standard  operating  procedures,  and 
planning  corresponds  to  a  direct  supervision  done  ahead  of  time.  Unfortunately,  all  these 
strategies  are  very  costly,  and  practical  systems  are  often  designed  so  as  to  limit  the  amount  of 
coordination.  A  consequence  that  can  be  sensed  in  everyday  life  is  that  most  systems  fail  to 
exploit  the  potential  that  would  theoretically  be  generated  by  division  of  labor. 

Another  problem  is  that  most  distributed  intelligence  systems  are  designed  using  a  functional 
decomposition.  Functional  decomposition  exploits  the  economies  of  scale  that  are  inherent  in 
high  degrees  of  specialization,  but  tends  to  induce  heavy  coordination  costs  in  the  system 
regardless  of  the  means  employed  to  achieve  coordination.  Therefore,  functionally  structured 
organizations  tend  toward  inflexibility  and  inability  to  adapt  to  rapidly  changing  situations. 
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9.3  A  RESEARCH  AGENDA 


While  committing  financial  and  human  resources  to  the  development  of  basic  research  on 
distributed  intelligence  systems,  FAA  and  DoD  have  indicated  four  research  problems  that  are 
most  crucial  to  their  needs:  processing  capability,  reaction  time,  flexibility  and  coordination 
capability. 

The  issue  in  processing  capability  is  that  systems  developers  or  operational  people  tend  to 
formulate  needs  for  as  much  cognitive,  computational,  and  communications  capacity  as  possible, 
which  is  not  feasible  given  political  and  budgetary  constraints.  This  body  of  research  should 
thus  address  how  timely,  accurate,  and  complete  an  information  should  be,  what  decision  aids 
are  really  needed  to  adequately  perform  the  task  at  hand,  and  a  general  formulation  of  the 
tradeoffs  that  must  be  made  while  developing  or  upgrading  systems. 

The  second  area  of  concern  is  the  study  of  reaction  times,  that  is,  the  amount  of  time  that 
elapses  between  tiie  onset  of  an  input  to  the  system  and  the  initiation  of  the  response  versus  the 
amount  of  time  within  which  a  response  should  be  initiated.  This  area  of  research  is  closely 
related  to  safety  vs.  congestion  concerns  for  the  ATC,  and  has  a  dramatic  impact  on  the 
effectiveness  of  military  systems. 

The  third  domain  of  studies  is  flexibility,  which  is  the  capacity  to  adapt  to  rapidly  changing 
conditions,  to  changes  of  interactions,  or  to  courses  of  actions  that  can  be  followed.  Indeed  it  is 
widely  believed  that  flexible  systems  may  perform  more  accurately  than  rigid  systems,  because 
they  can  adapt  their  pattern  of  interactitxis  to  the  optimal  configuration  for  each  input 

Finally,  the  last  area  of  research  focuses  on  coordination  capacity,  the  determination  of  the 
most  cost-effective  procedures  to  coordinate  tasks  in  a  system,  which  is,  as  described  before,  the 
most  basic  and  difficult  problem  encountered  in  actual  implementations. 

9.4  A  RESEARCH  COMMUNITY 

The  research  community  can  be  roughly  divided  into  four  groups  with  partial  overlaips. 

•  One  group  is  interested  in  theories  and  models  of  distributed  intelligence  systems.  The 
members  of  this  group  are  trying  to  establish  a  theoretical  foundation  for  this  emerging 
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field  by  relying  on  organization  theory,  but  extending  it  to  include  findings  from  the 
fields  of  computer  science,  control  theory  and  communications  theory.  The  theoretical 
analyses  try,  in  particular,  to  incorporate  all  four  crucial  characteristics. 

•  The  second  group  studies  primarily  the  physical  components  of  the  system.  Such 
components  very  often  involve  state-of-the-art  technology  because  of  the  huge  data 
processing  needs  formulated  by  the  users  of  the  systems.  Radars,  communications 
equipment,  communication  protocols,  and  parallel  computers  are  just  a  few  examples 
of  the  key  technologies  that  were  developed  in  this  area.  This  group  focuses  on  the 
processing  capability  and  the  development  of  tools  to  enhance  communications  and 
coordination. 

•  A  third  group  analyzes  the  behavioral  aspects  of  distributed  intelligence  systems  so  as 
to  develop  decision  support  systems  and  expert  systems.  This  is  the  realm  of  research  on 
ergonomics  and  man-machine  interactions.  These  studies  focus  on  the  parameters  that 
affect  the  response  time,  and  the  constraints  on  flexibility  due  to  limited  human 
processing  capabilities. 

•  Finally,  a  fourth  group  is  interested  in  testing  and  evaluating  actual  or  prospective 
systems.  This  includes  the  development  of  distributed  architectures,  and  the  applications 
of  evaluation  techniques  (quantitative  analysis,  analysis  by  computer  simulation, 
testbeds,  etc).  This  fourth  area  tries  to  encompass  all  four  research  agendas. 

9.5  IMPLEMENTATION  CHANNELS 

The  federal  agencies  expect  that  the  research  efforts  will  influence  four  different  areas  that 
are  under  administrative  jurisdiction:  plarming  and  budgeting;  requirement  generation;  systems 
development;  and  training. 

•  Plarming  and  budgeting. 

The  science  boards  of  FAA  and  DoD  estimate  that  the  results  of  the  research  will 
include  critical  new  aspects  into  long  range  planning  and  architectural  developments. 
The  group  that  develops  theoretical  foundations  and  the  group  that  is  more  concerned 
with  performance  measurement  can  help  evaluate  the  relative  contributions  of  different 
parameters  to  the  effectiveness  of  actual  and  prospective  systems.  They  can  highlight  the 
areas  in  which  actual  achievements  are  adequate,  should  be  improved,  or  stand  at  the  limit 
of  technological  capacities.  Basic  research  about  distributed  intelligence  systems  helps  to 
perform  cost  analyses,  so  that  the  cost-effectiveness  tradeoffs  imposed  by  the 
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policymakers  can  be  as  rational  as  possible. 

•  Requirements  generation. 

Many  of  the  actual  requirements  procedures  are  formulated  based  on  anecdotal  evidence. 
This  evidence  is  generally  gathered  during  exercises,  simulation,  or  from  an  event  of 
unprecedented  nature  such  as  an  accident.  For  most  systems,  this  means  that 
modernization  or  development  programs  do  not  incorporate  all  the  knowledge  that  has 
been  gained  from  actual  systems.  There  is  thus  a  need  to  generate  credible  lessons  from 
the  present  experience  which  can  be  used  to  formulate  new  and  improved  operational 
requirements. 

•  Development  and  acquisition. 

The  scientific  community  and  developers  and  acquisition  people  have  difficulty 
communicating  despite  the  fact  that  a  collaborative  effort  could  bring  significant 
improvements  in  the  development  and  acquisition  processes.  The  Science  Advisory 
Panels  of  both  FAA  and  DoD  expect  that  the  research  programs  and  their  educational 
counterparts  (Seminars,  books,  etc)  will  give  operational  people  the  opportunity  to 
acquire  major  sets  of  new  skills,  and  that  future  upgradings  of  the  systems  will  be 
oriented  more  toward  general  problem  solving  than  toward  incremental  fixing  of  the  latest 
detected  deficiencies.  Test  bed  experimentation  or  the  development  of  simulators  (ATC 
simulators)  where  scientists  and  engineers  can  exchange  ideas,  test  concepts,  and  get 
immediate  feedback  from  people  with  freld  experience  seem  to  offer  the  best  tools  to 
that  respect 

•  Training. 

Training  is  no  longer  the  exclusive  area  of  people  who  run  the  systems.  The  science 
boards  believe  that  simulators  and  testbeds  can  here  again  contribute  significantly  to 
many  improvements,  both  on  the  theoretical  front  and  on  the  practical  front,  by 
testing  in  a  safe  environment  new  ideas  and  procedures,  and  by  significantly  reducing  the 
cost  of  training  new  controllers. 

9.6  AN  INTERIM  ASSESSMENT 

Most  of  the  research  programs  on  distributed  intelligence  systems  have  been  initiated  in  the 
last  decade.  Ten  years  after  the  emergence  of  this  field,  federal  authorities  judge  very  differently 
the  progress  that  has  been  achieved  on  the  basic  research  agendas.  Some  of  the  issues  discussed 
in  the  sequel  have  been  raised  by  the  Science  Advisory  Panel  of  DoD  (1987). 
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•  The  panel  noted  first  that  some  progress  has  been  made  in  formulating  an  embryonic 
theory  for  distributed  intelligence  systems.  However  the  panel  also  noticed  that 
theoretically  oriented  groups  were  the  least  involved  in  practical  applications,  and  that  a 
lot  of  effort  should  be  expended  in  educating  the  operational  community  to  the  first 
significant  results.  In  its  final  word,  the  panel  insisted  that  this  area  of  research  should  be 
expanded ,  because  theorists  are  starting  to  understand  the  important  issues,  and  should 
be  able  to  provide  an  acceptable  framework  for  assessing  the  effects  of  the  various 
systems'  parameters  on  performance. 

•  The  second  segment  of  the  research  community  has  generated  the  most  interactions  and 
progress.  Agencies  such  as  FAA,  FCC,  DARPA,  and  NOSC  have  sponsored  programs 
that  have  been  translated  into  developments  and  acquisitions.  To  cite  just  a  few,  the  FAA 
has  sponsored  much  research  on  radars  and  instrument  landing  capabilities;  DARPA  and 
the  FCC  have  co-sponsored  studies  and  development  of  advanced  packet  switching 
networks;  and  in  addition  DARPA  financed  many  research  efforts  on  parallel  computing. 
As  a  whole,  the  Science  Advisory  Panel  estimated  that  this  area  of  research  is  much  too 
successful,  because  advances  on  technological  issues  effectively  make  the  coordination 
problem  even  more  complicated. 

•  The  behavioral  groups  have  had  isolated  successes.  In  particular,  in  the  area  of  decision 
support  systems,  more  is  known  about  the  design  of  workstations  and  about  the  use  of 
expert  decision  aids  to  enhance  the  effectiveness  of  systems.  On  the  other  hand,  the 
Science  Panel  found  that  the  overall  research  is  much  too  focused  on  components,  or  on 
improvements  of  a  particular  application  than  on  formulating  concepts  that  could  be 
Implied  uiuversally. 

•  Finally,  the  fourth  part  of  the  research  community  has  had  some  success  in  aiding  in  the 
planrung  and  budgeting  areas,  as  well  as  in  the  area  of  development  specifications.  Their 
most  important  contribution  was  to  educate  and  convince  people  that  much  gain  in 
effectiveness  can  be  obtained  by  optimizing  over  the  structures  rather  than  by  focusing 
primarily  on  efficiency  improvements  at  the  level  of  physical  components. 

9.7  CONTRIBUTION 

This  thesis  falls  within  the  activities  of  the  first  segment  of  the  research  community,  that  is 
the  development  of  theoretical  models  to  understand  distributed  intelligence  systems.  For  the  first 
time  in  the  literature,  the  coordination  problem  for  variable  stracture  systems  is  addressed.  This 
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thesis  extends  a  model  that  had  been  successfully  developed  for  fixed  structure  systems,  the  four 
stage  noodel  of  a  boundedly  rational  decisionmaker.  This  model  incorporates  indeed  three  out  of 
four  coordination  mechanisms  presented  in  9.2:  direct  supervision,  mutual  adjustment,  and 
standardization.  Direct  supervision  and  mutual  adjustment  are  modeled  by  the  allowable 
interactions  between  roles.  Standardizadon  is  modeled  by  the  fact  that  one  can  create  a  Colored 
Petri  Net  model  of  the  system,  i.e.,  that  the  acdvides  of  the  roles  are  globally  coordinated  at  the 
system  level,  and  that  this  cooidinadon  is  detenninisdc. 

Two  major  illustradve  examples  have  been  developed.  They  are  the  coordinadon  of  tasks  in 
a  submarine,  and  the  coordinadon  of  air  traffic  controllers  at  Logan  Airport.  They  illustrate  the 
usefulness  of  the  methodology  in  at  least  two  domains.  First,  these  examples  show  that  the 
framewoik  is  able  to  address  the  coordinadon  issues  for  a  pracdcal  problem.  The  exposidon  of 
Chapter  Vin  is  flexible  and  pracdcal  enough  to  easily  incorporate  input  firom  non  technically 
oriented  people.  Second,  the  examples  prove  that  significant  insights  into  the  variable  structures 
that  satisfy  some  well  defined  constraints  can  be  obtained  without  a  computadonally  expensive, 
and  pracdcally  infeasible,  exhausdve  enumeradon.  On  the  other  hand,  a  drawback  is  that  any 
design  process  must  involve  at  least  one  person  with  a  good  knowledge  of  the  model,  who  can 
translate  the  various  constraints  into  mathemadcal  terms.  Furthermore,  the  results  of  the 
methodology  are  more  easily  understandable  if  the  reader  has  had  some  knowledge  of  Petri  Nets. 

This  thesis  is  closely  related  to  work  in  the  fourth  area  of  research,  on  the  evaluadon  of 
performance.  The  performance  of  any  variable  structure  can  be  assessed  by  the  extension  of  the 
System's  Effecdveness  Analysis  as  described  in  Monguillet  (1988),  using  a  Colored  Petri  Net 
model  of  the  structure.  This  thesis  can  thus  be  related  to  other  tools  developed  at  MIT/LIDS, 
which  answer  the  needs  of  a  Research  &  Development  team  that  has  to  study  all  feasible 
configuradons  of  a  system,  given  the  constraints  of  the  mission  and  of  technology.  This  thesis 
describes  how  to  generate  all  variable  structures  that  sadsfy  the  constraints  of  the  design.  The 
other  tools  evaluate  the  performance  of  the  structures.  The  team  in  charge  of  research  and 
development  can  thus  answer  unambiguously  the  concerns  of  policymakers  and  contractors.  The 
team  can  demonstrate  that  a  system  can  be  implemented  or  upgraded  in  the  presence  of 
technological  and  Hnancial  constraints,  and  will  yield  substantial  advantages.  The  polidcal 
authorides,  and  expert  panels  that  are  consulted,  can  base  their  decision  on  such  quandtadve 
measures  instead  of  making  an  educated  guess.  The  predicdons  furnish  criteria  by  which  the 
actual  performance  of  the  system  will  be  assessed  by  policymakers,  and  by  which  decisions 
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about  the  outcome  of  the  project  will  be  made. 


One  sees  that  this  research  effort  addresses  precisely  the  needs  of  the  research  contractors, 
who  want  theoretical  tools  to  help  them  make  decisions.  This  thesis  makes  a  contribution  that  can 
be  integrated  into  a  complete  set  of  analytical  tools  to  address  the  effect  of  the  structure  of  the 
system  on  the  performance  of  the  system.  This  thesis  tried  to  narrow  the  gap  between  the 
organizational  structures  that  can  be  modeled  and  analyzed,  and  the  real,  complex  organizations 
that  exist  and  function. 

9.8  RECOMMENDATIONS 

The  policy  analysis  suggests  a  natural  strategy  for  implementing  the  methodology  of  this 
thesis.  The  constraints  are  that  this  research  has  been  done  on  the  theoretical  front,  which  fails  to 
generate  enough  communication  with  the  operational  community.  The  goal  of  these 
recommendations  is  to  devise  a  strategy  which  will  prove  to  non-theory  cniented  people  that  they 
can  acquire  new  skills  from  this  thesis. 

•  First,  this  thesis  should  generate  papers  to  convince  the  theoretical  community  of  the 
merits  of  this  model,  i.e.,  that  this  model  is  a  first  and  promising  step  toward  an 
understanding  of  variable  structures.  It  will  be  stressed  that  this  model  incorporates  many 
concepts  from  organization  theory  k  la  Simon  into  a  mathematical  frameworic,  and  offers 
brand  new  ways  to  tackle  coordination  problems.  It  is  hoped  in  particular  that  some  of  the 
ideas  introduced  in  this  thesis,  the  use  of  Colored  Petri  Nets  to  model  variable  distributed 
intelligence  systems,  and  the  four  stage  model  of  the  variably  interacting  role,  will  be 
adopted  by  other  studies.  If  other  groups  develop  the  insights  of  this  thesis,  these  studies 
will  generate  a  critical  mass  of  knowledge  that  will  be  more  and  more  appropriate  for 
operational  needs. 

•  Second,  the  following  two  projects  will  aim  at  translating  the  results  into  a  useful  form 
for  the  people  who  interact  in  both  the  research  and  the  operational  worlds. 

A)  The  design  methodology  advocated  in  this  thesis  will  be  implemented  on  a  personal 
computer  and  tied  to  the  CAESAR  package,  which  is  under  development  at  MIT/LIDS. 
This  package  is  a  Macintosh  Il-based  prototype  of  a  workstation  that  provides  Computer 
Assisted  Design  of  distributed  intelligence  systems.  The  actual  package  contains  modules 
to  evaluate  performance  of  system  designs,  and  a  module  that  solves  the  design 
problem  for  fixed  structures.  The  latter  module  will  be  updated  to  account  for  the  results 


196 


of  this  thesis,  and  will  bring  into  CAESAR  the  possibility  to  generate  and  analyze 
variable  structure  systems.  This  workstation  is  regularly  demonstrated  to  people  who  are 
involved  in  planning,  requirements  specification,  and  development,  and  serves  as  a 
demonstration  forum  of  the  work  done  at  MIT/LIDS.  The  new  platform  will  be 
particularly  attractive  to  people  who  are  developing  or  upgrading  new  systems,  as  it  will 
provide  a  complete  set  of  tools  to  investigate  rapidly  the  set  of  designs  that  can  be  chosen, 
and  their  performance.  The  hope  is  that  in  this  way,  the  dialogue  between  basic  research 
and  developers  will  be  enhanced. 

B)  Papers  based  on  the  examples  of  this  thesis  will  be  submitted  at  the  appropriate 
applied  research  forums.  The  choice  of  illustrative  topics  that  are  the  subject  of  much 
discussion  in  their  operational  context  should  convince  the  respective  communities  that 
this  model  can  both  address  currently  important  issues,  and  open  ways  to  overcome  the 
problems  encountered  during  the  course  of  the  operations. 
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CHAPTER  X 


CONCLUSIONS  AND  DIRECTIONS  FOR  FURTHER  RESEARCH 


10.1  CONCLUSIONS 

This  thesis  described  a  methodology  to  model  and  generate  variable  stmcture  distributed 
intelligence  systems.  The  rirst  step  has  been  carried  out  in  Chapter  IV,  where  the  objects  from 
which  the  system  may  be  built  are  described.  In  this  model,  a  decisionmaking  process  is 
described  by  a  four  stage  process,  and  internal  interactions  between  the  decisionmaking 
processes  are  identified.  Chapter  IV  restricts  the  scope  of  this  thesis  to  one  class  of  variable 
structure  systems,  those  that  are  functionally  deterministic  and  temporally  consistent  It  is  shown 
that  these  variable  structure  systems  can  be  represented  in  matrix  fonn.  In  Chapter  V,  the  matrix 
description  of  a  variable  structure  system  is  translated  into  the  language  of  Colored  Petri  Net 
theory.  The  processes  of  folding  and  unfolding  allow  one  to  integrate  the  results  obtained  on 
fixed  structure  systems  into  a  theory  of  variable  structure  systems,  and  to  formulate  the  problem 
of  generating  variable  structure  distributed  intelligence  systems  using  the  language  of  Colored 
Petri  Nets. 

In  Chapter  VI,  the  class  of  structures  that  must  be  considered  given  a  design  problem  is 
described.  Ten  structural  constraints  have  been  imposed  to  define  the  set  of  variable  structures 
that  make  physical  sense.  The  designer  of  a  system  can  also  introduce  the  constraints  that 
correspond  to  his  knowledge  of  the  specific  application.  Chapter  VH  analyzes  the  properties  of 
the  difierent  constraints  using  the  notion  of  convexity.  It  is  shown,  in  particular,  that  a  class  of 
solutions  can  be  decomposed  into  several  distinct  subsets.  Each  subset  of  solutions  has  minimal 
and  maximal  elements.  The  solutions  between  a  minimal  element  and  a  maximal  element  can  be 
sorted  into  layers  of  solutions  with  the  same  effective  pattern,  and  each  layer  is  a  lattice. 

In  Chapter  Vm,  the  new  results  are  illustrated  through  two  examples.  It  appears,  in  these 
examples,  that  the  major  contribution  of  the  model  is  a  quantitative  formulation  of  the 
coordination  problem.  From  the  theoretical  and  practical  points  of  view,  one  major  limitation  of 
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this  model  developed  in  this  thesis  is  that  it  characterizes  only  one  subclass  of  solutions.  The 
user-defined  colwed  constraints  partition  the  set  of  inputs  into  k  subsets,  EXi„..,  EXj^.  The 
subclass  of  solutions  corresponds  to  the  Well  Defined  Variable  Structures  that  assign  one  and 
only  one  fixed  data  flow  structure  to  each  EX^ .  Another  difficulty  is  that  the  properties  of  this  set 
of  solutions  are  less  obvious  than  the  properties  of  the  set  of  fixed  structures. 

Finally,  Chapter  IX  assesses  the  contribution  of  this  thesis  within  the  body  of  research  on 
distributed  intelligence  systems.  The  chapter  describes  an  implementation  strategy  for  this  thesis, 
based  c«i  an  analysis  of  the  rationales  that  led  the  federal  government  to  initiate  research  programs 
on  distributed  intelligence  systems. 

10.2  DIRECTIONS  FOR  FURTHER  RESEARCH 

Research  can  be  pursued  in  many  directions  to  improve  and  extend  the  methodology 
devel<^>ed  in  this  thesis. 

•  The  first  natural  extension  would  be  to  achieve  the  characterization  of  the  set  of  variable 
structures.  This  woric  should  describe  the  set  of  solutions  that  have  an  arbitrary  number 
of  fixed  structures  in  their  support,  and  should  provide  an  algorithm  to  generate  them.  It 
is  suspected  that  convexiQr  is  here  again  the  right  tool  to  be  applied. 

•  The  present  model  should  include  new  prott)cols  of  interactions  between  decisionmaking 
processes.  The  application  of  the  methodology  to  several  real-scale  examples  has  shown 
that  the  coordination  problem  has  too  few  solutions  because  the  model  permits  at  most 
three  interactional  links  between  two  roles.  This  paucity  of  interactions  prevents  the  roles 
firom  having  elaborate  protocols  of  interaction  at  several  stages  of  their  processing.  For 
example,  a  case  in  which  one  role  A  would  ask  for  more  information  from  another  role 
B,  if  A  has  already  received  a  message  from  B,  cannot  be  modeled. 

One  possibility  is  to  transform  the  four  stage  model  into  a  five  stage  model,  in  which  the 
additional  stage  is  equivalent  to  the  middle  processing  of  Andreadakis  and  Levis 
(1988).  New  interactions  should  be  defined  and  would  yield  more  realistic  structures. 

The  present  model  should  also  be  extended  to  incorporate  classes  of  variable  structures 
that  are  not  temporally  consistent,  and  process  observations  induced  by  events  that  do  not 
have  the  same  temporal  cxigin. 

•  It  would  be  particularly  interesting  to  start  an  investigation  of  the  relationships  between 
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the  performance  of  a  system,  and  properties  of  a  Colored  Petri  Net  model  of  the 
structure.  This  can  be  achieved  for  example  by  introducing  Stochastic  Timed  Colored 
Petri  Nets,  if  one  is  interested  in  the  dynamical  properties  of  a  structure.  For  that 
purpose,  the  new  release  of  a  software  product  that  allows  the  design  and  simulation  of 
Colored  Petri  Nets  seems  to  offer  a  promising  tool. 

On  the  same  vein,  there  is  a  need  to  have  an  extensive  investigation  of  the  impact  of  the 
resource  structure.  One  should  look  at  the  properties  that  are  characteristic  of  the  resource 
structure,  and  at  the  protocols  that  control  the  assignment  of  physical  resources  to  the 
functional  entities. 

•  Finally,  there  is  an  urgent  need  to  have  new  analytical  tools  to  investigate  the  properties 
of  Colored  Petri  Nets.  In  particular,  the  concept  of  S-invariants  in  Colored  Petri  Net 
should  be  clarified,  and  one  should  be  able  to  write  an  algorithm  to  compute  colored 
S-invariants,  if  they  can  provide  meaningful  insights  into  variable  structures. 
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APPENDK  A 


COMPUTATION  OF  SOLUTIONS  IN  SUBMARINE  EXAMPLE 


The  procedure  for  determining  the  solutions  to  the  design  problem  for  variable  structures 
consists  of  three  steps.  In  the  case  of  the  submarine  example  presented  in  section  8.1,  the  steps 
take  the  following  fonn. 

Step  A:  The  colored  constraints  specify  the  variability  of  some  links.  Three  variable 
links  have  been  specified  in  8.1,  the  links  from  the  RS  stages  to  the  effectors.  The  effective 
alphabets  of  the  partition  of  the  links  are  XI,  XI.  The  first  step  is  to  determine  tiw  convex  subset 
of  all  fixed  structures  such  that  XI,  X2,  and  X3  are  accessible  at  the  RS  stages  of  the  three  roles. 
The  output  of  this  computation  in  each  W^,  i  =  1, 2, 3  is  a  convex  subset  of  W>.  In  order  to  avoid 
unnecessary  and  lengthy  listings,  the  minimal  and  maximal  elements  in  only  are  represented 
is  Figures  A.1,  A.2,  and  A.3. 


Fig.  A.1  Minimal  Elements  in 
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Hg.  A.2  Minimal  Elements  of  continued 


Fig.  A.3  Maximal  Elements  in 
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Note  that  the  minimal  elements  obtained  after  Step  A  have  been  obtained  by  moving  up  the 
lattice  from  the  minimal  elements  that  are  represented  in  Figure  8.5,  whereas  the  maximal 
elements  that  are  the  outputs  of  Step  A  are  exactly  the  maximal  elements  in  Hgure  8.4. 

Step  B: 

At  this  step,  one  checks  if  there  exists  a  minimal  solution  such  that 

•  EXi  is  assigned  to  a  minimal  element  in  WV 

•  EX2  is  assigned  to  a  minimal  element  £?  in  W^. 

•  EX3  is  assigned  to  a  minimal  element  in  W^. 

One  checks  thus  if  there  exists  a  VMINO  which  corresponds  to  a  folding  of  one  minimal 
fixed  structure  in  a  minimal  WDFS  in  W^,  and  a  WDFS  in  that  have  been  characterized 
after  Step  A.  If  one  does  a  systematic  survey  in  this  example,  no  candidate  VMINOs  can  be 
found  Let  us  illustrate  the  reason  for  it  with  one  example. 

Suppose  that  EXi  is  assigned  to  the  WDFS  depicted  in  Figure  A.4,  EX2  is  assigned  to 
the  WDFS  L2  of  Hgure  A.5,  and  EX^  is  assigned  to  the  WDFS  5?  represented  in  Fig.  A.6. 


Fig.  A.4  WDFS  in  Wi 
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Rg.AJ  WDFSZ?mW2 


Fig.  A.6  WDFS2?inW3 


The  WDVS  that  corresponds  to  the  folding  of  the  three  WDFS  IP',  and  does  not 
fulfill  constraint  RIO.  Consider  for  example  the  link  from  the  RS  stage  of  ASUW  (the  lower 
role)  to  the  IF  stage  of  ASW  (the  upper  role).  This  fixed  link  is  present  in  Z^  and  Z^.  In  the 
variable  structure,  the  link  from  the  RS  stage  of  ASUW  to  the  IF  stage  of  ASW  is  thus  activated 
by  AC  =  EXi  u  EX3.  The  effective  alphabets  of  the  partition  of  X  into  AC  =  EX^  u  EX3  and 
DC  =  EX2  are  XI  and  X2.  One  sees  however  that  X2  is  not  an  accessible  alphabet  at  the  IF  stage 
of  ASW,  because  ASW  monitors  only  the  outputs  of  Sensor  1  at  its  S  A  stage,  the  internal  stage 
that  precedes  IF. 

Similarly,  one  checks  at  Step  B,  if  a  VMAXO  can  be  constructed  by  considering  a  WDVS 
which  is  such  that 

•  EXi  is  assigned  to  a  maximal  element  Z^  in  W^. 

•  EX2  is  assigned  to  a  maximal  element  Z^  in  W^. 

•  EX3  is  assigned  to  a  maximal  element  Z?  in  W^. 

If  one  does  a  systematic  survey  in  this  example,  no  candidate  VMAXOS  are  found  at  this 
step.  Here  again,  let  us  present  only  one  example.  Figures  A.7,  A.8,  and  A.9  represent  three 
WDFS  that  have  been  assigned  to  the  elementary  sets  of  inputs,  EX^,  EX2,  and  EX3. 

The  WDVS  that  corresponds  to  the  folding  of  the  three  WDFS  Z'^  Z’^,  and  Z'^  does  not 
fulfill  constraint  RIO.  Consider  for  example  the  link  from  the  RS  stage  of  ASUW  (the  lower 
role)  to  the  IF  stage  of  ASW  (the  upper  role).  This  fixed  link  is  present  in  Z'^  and  Z'^.  In  the 
variable  structure,  the  link  from  the  RS  stage  of  ASUW  to  the  IF  stage  of  ASW  is  thus  activated 
by  AC  =  EXi  u  EX3.  The  effective  alphabets  of  the  partition  of  X  into  AC  =  EX^  u  EX3  and 
DC  =  EX2  are  XI  and  X2.  One  sees,  however,  that  X2  is  not  an  accessible  alphabet  at  the  IF 
stage  of  ASW,  because  ASW  monitors  only  the  outputs  of  Sensor  1  at  its  S  A  stage,  the  internal 
stage  that  precedes  IF. 
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Fig.A.7  WDFSriinWi 


Fig.A.8  WDFSI’2inW2 
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Fig.A.9  WDFSL'3mW3 


StepC 

If  no  candidate  VMINOs  or  VMAXOs  have  been  obtained  at  Step  B,  then  the  search  is 
continued,  by  moving  up  in  fipom  the  minimal  elements  of  Step  B,  to  investigate  new  candidate 
VMINOs,  and  down  from  the  maximal  elements  from  Step  B,  to  investigate  new  candidate 
VMAXOs.  This  search  can  be  done  optimally,  because  Chapter  Vn  characterizes  the  building 
blocks  that  must  be  added  to  the  previous  candidate  VMINOs,  and  that  must  be  removed  from 
the  previous  candidate  VMAXOs,  to  obtain  the  new  candidate  structures.  This  building  path  is 
made  from  a  simple  information  flow  path  and  a  elementary  set  of  inputs  attached  to  it 

If  one  applies  this  technique  to  the  submarine  example,  then  the  computation  yields  one  and 
only  one  solution,  which  is  depicted  in  Figure  8.10. 
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NOMENCLATURE 


Sets 

X:  The  set  of  inputs  to  the  system.  X  is  a  cross  product  of  the  output  alphabets  of  the 

sensors: 

X  =  Xj  X  Xj  X...X  Xj^ 
where  N  is  the  number  of  sensors. 

W:  The  set  of  Well  Defined  Hxed  Structures.  Each  WDFS  can  be  represented: 

•  In  matrix  form. 

•  By  a  unique  Ordinary  Petri  Net 

V:  The  set  of  Well  Defined  Variable  Stmctures.  Each  AVS  can  be  represaited: 

•  hi  matrix  fortiL 

•  As  a  mapping  finom  X  to  W.  The  range  of  die  mapping  is  the  support  of  the  WDVS. 

•  By  a  unique  Colored  Petri  Net 

AW:  The  subset  of  W  that  contains  the  WDFSs  which  satisfy  Constraints  Rl,  R2,  R3,  R4, 
RS.  These  WDFSs  are  called  the  Admissible  Fixed  Structures. 

AV:  The  subset  of  V  that  contains  the  WDVSs  which  satisfy  Constraints  R6,  R7,  R8,  R9, 
RIO.  These  WDVSs  are  called  the  Admissible  Variable  Structures. 

AP:  The  set  of  Accessible  Patterns.  One  accessible  pattern  is  associated  with  every  WDFS. 
The  accessible  pattern  of  a  WDFS  £  is  computed  on  the  Ordinary  Petri  Net  associated 
with  £.  The  accessible  pattern  of  a  WDVS  FI  is  computed  as  the  intersection  (see 
operator  INT)  of  the  accessible  patterns  of  the  WDFSs  in  the  support  of  IT. 
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Relations 

» 

Rj:  Equivalence  relation  defined  on  X.  Two  inputs  x  and  x*  verify  x  Rj  x'  if  and  only  if  they 

correspond  to  the  same  observation  of  Sensor  i,  i  =  1...N. 

SUB:  Partial  ordering  defined  on  W.  Z  SUB  S’  if  and  only  if  the  Ordinary  Petri  Net  associated 
with  S  is  a  subnet  of  the  Ordinary  Petri  Net  associated  with  S'. 

ACT:  Partial  ordering  defined  on  V.  11  ACT  11'  if  and  only  if  every  interaction  in  11'  is 
activated  by  at  least  as  many  inputs  as  it  is  in  11. 

EFF:  Partial  ordering  defined  on  AP.  E  EFF  E’  if  and  only  if  every  entry  in  E  is  included  in  the 
corresponding  entry  in  E',  i.e.,  for  every  interaction  the  set  of  accessible  alphabets  in  E  is 
included  in  the  set  of  accessible  alphabets  in  E*. 

Operator 

INT:  This  operator  is  defined  on  AP.  Ev«y  entry  of  E INT  E’  corresponds  to  the  intersection 
*  of  the  corresponding  entries  in  E  and  E'. 
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